1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23#include "curl_setup.h"
24
25#ifndef CURL_DISABLE_HTTP
26
27#include "urldata.h" /* it includes http_chunks.h */
28#include "sendf.h" /* for the client write stuff */
29#include "dynbuf.h"
30#include "content_encoding.h"
31#include "http.h"
32#include "non-ascii.h" /* for Curl_convert_to_network prototype */
33#include "strtoofft.h"
34#include "warnless.h"
35
36/* The last #include files should be: */
37#include "curl_memory.h"
38#include "memdebug.h"
39
40/*
41 * Chunk format (simplified):
42 *
43 * <HEX SIZE>[ chunk extension ] CRLF
44 * <DATA> CRLF
45 *
46 * Highlights from RFC2616 section 3.6 say:
47
48 The chunked encoding modifies the body of a message in order to
49 transfer it as a series of chunks, each with its own size indicator,
50 followed by an OPTIONAL trailer containing entity-header fields. This
51 allows dynamically produced content to be transferred along with the
52 information necessary for the recipient to verify that it has
53 received the full message.
54
55 Chunked-Body = *chunk
56 last-chunk
57 trailer
58 CRLF
59
60 chunk = chunk-size [ chunk-extension ] CRLF
61 chunk-data CRLF
62 chunk-size = 1*HEX
63 last-chunk = 1*("0") [ chunk-extension ] CRLF
64
65 chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
66 chunk-ext-name = token
67 chunk-ext-val = token | quoted-string
68 chunk-data = chunk-size(OCTET)
69 trailer = *(entity-header CRLF)
70
71 The chunk-size field is a string of hex digits indicating the size of
72 the chunk. The chunked encoding is ended by any chunk whose size is
73 zero, followed by the trailer, which is terminated by an empty line.
74
75 */
76
77#ifdef CURL_DOES_CONVERSIONS
78/* Check for an ASCII hex digit.
79 We avoid the use of ISXDIGIT to accommodate non-ASCII hosts. */
80static bool isxdigit_ascii(char digit)
81{
82 return (digit >= 0x30 && digit <= 0x39) /* 0-9 */
83 || (digit >= 0x41 && digit <= 0x46) /* A-F */
84 || (digit >= 0x61 && digit <= 0x66); /* a-f */
85}
86#else
87#define isxdigit_ascii(x) Curl_isxdigit(x)
88#endif
89
90void Curl_httpchunk_init(struct Curl_easy *data)
91{
92 struct connectdata *conn = data->conn;
93 struct Curl_chunker *chunk = &conn->chunk;
94 chunk->hexindex = 0; /* start at 0 */
95 chunk->state = CHUNK_HEX; /* we get hex first! */
96 Curl_dyn_init(&conn->trailer, DYN_H1_TRAILER);
97}
98
99/*
100 * chunk_read() returns a OK for normal operations, or a positive return code
101 * for errors. STOP means this sequence of chunks is complete. The 'wrote'
102 * argument is set to tell the caller how many bytes we actually passed to the
103 * client (for byte-counting and whatever).
104 *
105 * The states and the state-machine is further explained in the header file.
106 *
107 * This function always uses ASCII hex values to accommodate non-ASCII hosts.
108 * For example, 0x0d and 0x0a are used instead of '\r' and '\n'.
109 */
110CHUNKcode Curl_httpchunk_read(struct Curl_easy *data,
111 char *datap,
112 ssize_t datalen,
113 ssize_t *wrotep,
114 CURLcode *extrap)
115{
116 CURLcode result = CURLE_OK;
117 struct connectdata *conn = data->conn;
118 struct Curl_chunker *ch = &conn->chunk;
119 struct SingleRequest *k = &data->req;
120 size_t piece;
121 curl_off_t length = (curl_off_t)datalen;
122 size_t *wrote = (size_t *)wrotep;
123
124 *wrote = 0; /* nothing's written yet */
125
126 /* the original data is written to the client, but we go on with the
127 chunk read process, to properly calculate the content length*/
128 if(data->set.http_te_skip && !k->ignorebody) {
129 result = Curl_client_write(data, CLIENTWRITE_BODY, datap, datalen);
130 if(result) {
131 *extrap = result;
132 return CHUNKE_PASSTHRU_ERROR;
133 }
134 }
135
136 while(length) {
137 switch(ch->state) {
138 case CHUNK_HEX:
139 if(isxdigit_ascii(*datap)) {
140 if(ch->hexindex < CHUNK_MAXNUM_LEN) {
141 ch->hexbuffer[ch->hexindex] = *datap;
142 datap++;
143 length--;
144 ch->hexindex++;
145 }
146 else {
147 return CHUNKE_TOO_LONG_HEX; /* longer hex than we support */
148 }
149 }
150 else {
151 char *endptr;
152 if(0 == ch->hexindex)
153 /* This is illegal data, we received junk where we expected
154 a hexadecimal digit. */
155 return CHUNKE_ILLEGAL_HEX;
156
157 /* length and datap are unmodified */
158 ch->hexbuffer[ch->hexindex] = 0;
159
160 /* convert to host encoding before calling strtoul */
161 result = Curl_convert_from_network(data, ch->hexbuffer, ch->hexindex);
162 if(result) {
163 /* Curl_convert_from_network calls failf if unsuccessful */
164 /* Treat it as a bad hex character */
165 return CHUNKE_ILLEGAL_HEX;
166 }
167
168 if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize))
169 return CHUNKE_ILLEGAL_HEX;
170 ch->state = CHUNK_LF; /* now wait for the CRLF */
171 }
172 break;
173
174 case CHUNK_LF:
175 /* waiting for the LF after a chunk size */
176 if(*datap == 0x0a) {
177 /* we're now expecting data to come, unless size was zero! */
178 if(0 == ch->datasize) {
179 ch->state = CHUNK_TRAILER; /* now check for trailers */
180 }
181 else
182 ch->state = CHUNK_DATA;
183 }
184
185 datap++;
186 length--;
187 break;
188
189 case CHUNK_DATA:
190 /* We expect 'datasize' of data. We have 'length' right now, it can be
191 more or less than 'datasize'. Get the smallest piece.
192 */
193 piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize);
194
195 /* Write the data portion available */
196 if(!data->set.http_te_skip && !k->ignorebody) {
197 if(!data->set.http_ce_skip && k->writer_stack)
198 result = Curl_unencode_write(data, k->writer_stack, datap, piece);
199 else
200 result = Curl_client_write(data, CLIENTWRITE_BODY, datap, piece);
201
202 if(result) {
203 *extrap = result;
204 return CHUNKE_PASSTHRU_ERROR;
205 }
206 }
207
208 *wrote += piece;
209 ch->datasize -= piece; /* decrease amount left to expect */
210 datap += piece; /* move read pointer forward */
211 length -= piece; /* decrease space left in this round */
212
213 if(0 == ch->datasize)
214 /* end of data this round, we now expect a trailing CRLF */
215 ch->state = CHUNK_POSTLF;
216 break;
217
218 case CHUNK_POSTLF:
219 if(*datap == 0x0a) {
220 /* The last one before we go back to hex state and start all over. */
221 Curl_httpchunk_init(data); /* sets state back to CHUNK_HEX */
222 }
223 else if(*datap != 0x0d)
224 return CHUNKE_BAD_CHUNK;
225 datap++;
226 length--;
227 break;
228
229 case CHUNK_TRAILER:
230 if((*datap == 0x0d) || (*datap == 0x0a)) {
231 char *tr = Curl_dyn_ptr(&conn->trailer);
232 /* this is the end of a trailer, but if the trailer was zero bytes
233 there was no trailer and we move on */
234
235 if(tr) {
236 size_t trlen;
237 result = Curl_dyn_add(&conn->trailer, (char *)"\x0d\x0a");
238 if(result)
239 return CHUNKE_OUT_OF_MEMORY;
240
241 tr = Curl_dyn_ptr(&conn->trailer);
242 trlen = Curl_dyn_len(&conn->trailer);
243 /* Convert to host encoding before calling Curl_client_write */
244 result = Curl_convert_from_network(data, tr, trlen);
245 if(result)
246 /* Curl_convert_from_network calls failf if unsuccessful */
247 /* Treat it as a bad chunk */
248 return CHUNKE_BAD_CHUNK;
249
250 if(!data->set.http_te_skip) {
251 result = Curl_client_write(data, CLIENTWRITE_HEADER, tr, trlen);
252 if(result) {
253 *extrap = result;
254 return CHUNKE_PASSTHRU_ERROR;
255 }
256 }
257 Curl_dyn_reset(&conn->trailer);
258 ch->state = CHUNK_TRAILER_CR;
259 if(*datap == 0x0a)
260 /* already on the LF */
261 break;
262 }
263 else {
264 /* no trailer, we're on the final CRLF pair */
265 ch->state = CHUNK_TRAILER_POSTCR;
266 break; /* don't advance the pointer */
267 }
268 }
269 else {
270 result = Curl_dyn_addn(&conn->trailer, datap, 1);
271 if(result)
272 return CHUNKE_OUT_OF_MEMORY;
273 }
274 datap++;
275 length--;
276 break;
277
278 case CHUNK_TRAILER_CR:
279 if(*datap == 0x0a) {
280 ch->state = CHUNK_TRAILER_POSTCR;
281 datap++;
282 length--;
283 }
284 else
285 return CHUNKE_BAD_CHUNK;
286 break;
287
288 case CHUNK_TRAILER_POSTCR:
289 /* We enter this state when a CR should arrive so we expect to
290 have to first pass a CR before we wait for LF */
291 if((*datap != 0x0d) && (*datap != 0x0a)) {
292 /* not a CR then it must be another header in the trailer */
293 ch->state = CHUNK_TRAILER;
294 break;
295 }
296 if(*datap == 0x0d) {
297 /* skip if CR */
298 datap++;
299 length--;
300 }
301 /* now wait for the final LF */
302 ch->state = CHUNK_STOP;
303 break;
304
305 case CHUNK_STOP:
306 if(*datap == 0x0a) {
307 length--;
308
309 /* Record the length of any data left in the end of the buffer
310 even if there's no more chunks to read */
311 ch->datasize = curlx_sotouz(length);
312
313 return CHUNKE_STOP; /* return stop */
314 }
315 else
316 return CHUNKE_BAD_CHUNK;
317 }
318 }
319 return CHUNKE_OK;
320}
321
322const char *Curl_chunked_strerror(CHUNKcode code)
323{
324 switch(code) {
325 default:
326 return "OK";
327 case CHUNKE_TOO_LONG_HEX:
328 return "Too long hexadecimal number";
329 case CHUNKE_ILLEGAL_HEX:
330 return "Illegal or missing hexadecimal sequence";
331 case CHUNKE_BAD_CHUNK:
332 return "Malformed encoding found";
333 case CHUNKE_PASSTHRU_ERROR:
334 DEBUGASSERT(0); /* never used */
335 return "";
336 case CHUNKE_BAD_ENCODING:
337 return "Bad content-encoding found";
338 case CHUNKE_OUT_OF_MEMORY:
339 return "Out of memory";
340 }
341}
342
343#endif /* CURL_DISABLE_HTTP */
344