projects / project / uhttpd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
uhttpd/file: fix string out of buffer range on uh_defer_script
[project/uhttpd.git] / proc.c
1 /*
2 * uhttpd - Tiny single-threaded httpd
3 *
4 * Copyright (C) 2010-2013 Jo-Philipp Wich <xm@subsignal.org>
5 * Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 #include <arpa/inet.h>
21 #include <libubox/blobmsg.h>
22 #include "uhttpd.h"
23
24 #define __headers \
25 __header(accept, accept) \
26 __header(accept_charset, accept-charset) \
27 __header(accept_encoding, accept-encoding) \
28 __header(accept_language, accept-language) \
29 __header(authorization, authorization) \
30 __header(connection, connection) \
31 __header(cookie, cookie) \
32 __header(host, host) \
33 __header(origin, origin) \
34 __header(referer, referer) \
35 __header(user_agent, user-agent) \
36 __header(content_type, content-type) \
37 __header(content_length, content-length) \
38 __header(x_http_method_override, x-http-method-override) \
39 __header(http_auth_user, http-auth-user) \
40 __header(http_auth_pass, http-auth-pass)
41
42 #undef __header
43 #define __header __enum_header
44 enum client_hdr {
45 __headers
46 __HDR_MAX,
47 };
48
49 #undef __header
50 #define __header __blobmsg_header
51 static const struct blobmsg_policy hdr_policy[__HDR_MAX] = {
52 __headers
53 };
54
55 static const struct {
56 const char *name;
57 int idx;
58 } proc_header_env[] = {
59 { "HTTP_ACCEPT", HDR_accept },
60 { "HTTP_ACCEPT_CHARSET", HDR_accept_charset },
61 { "HTTP_ACCEPT_ENCODING", HDR_accept_encoding },
62 { "HTTP_ACCEPT_LANGUAGE", HDR_accept_language },
63 { "HTTP_AUTHORIZATION", HDR_authorization },
64 { "HTTP_CONNECTION", HDR_connection },
65 { "HTTP_COOKIE", HDR_cookie },
66 { "HTTP_HOST", HDR_host },
67 { "HTTP_ORIGIN", HDR_origin },
68 { "HTTP_REFERER", HDR_referer },
69 { "HTTP_USER_AGENT", HDR_user_agent },
70 { "HTTP_X_HTTP_METHOD_OVERRIDE", HDR_x_http_method_override },
71 { "HTTP_AUTH_USER", HDR_http_auth_user },
72 { "HTTP_AUTH_PASS", HDR_http_auth_pass },
73 { "CONTENT_TYPE", HDR_content_type },
74 { "CONTENT_LENGTH", HDR_content_length },
75 };
76
77 enum extra_vars {
78 /* no update needed */
79 _VAR_GW,
80 _VAR_SOFTWARE,
81
82 /* updated by uh_get_process_vars */
83 VAR_SCRIPT_NAME,
84 VAR_SCRIPT_FILE,
85 VAR_DOCROOT,
86 VAR_QUERY,
87 VAR_REQUEST,
88 VAR_PROTO,
89 VAR_METHOD,
90 VAR_PATH_INFO,
91 VAR_USER,
92 VAR_HTTPS,
93 VAR_REDIRECT,
94 VAR_SERVER_NAME,
95 VAR_SERVER_ADDR,
96 VAR_SERVER_PORT,
97 VAR_REMOTE_NAME,
98 VAR_REMOTE_ADDR,
99 VAR_REMOTE_PORT,
100
101 __VAR_MAX,
102 };
103
104 static char local_addr[INET6_ADDRSTRLEN], remote_addr[INET6_ADDRSTRLEN];
105 static char local_port[6], remote_port[6];
106 static char redirect_status[4];
107
108 static struct env_var extra_vars[] = {
109 [_VAR_GW] = { "GATEWAY_INTERFACE", "CGI/1.1" },
110 [_VAR_SOFTWARE] = { "SERVER_SOFTWARE", "uhttpd" },
111 [VAR_SCRIPT_NAME] = { "SCRIPT_NAME" },
112 [VAR_SCRIPT_FILE] = { "SCRIPT_FILENAME" },
113 [VAR_DOCROOT] = { "DOCUMENT_ROOT" },
114 [VAR_QUERY] = { "QUERY_STRING" },
115 [VAR_REQUEST] = { "REQUEST_URI" },
116 [VAR_PROTO] = { "SERVER_PROTOCOL" },
117 [VAR_METHOD] = { "REQUEST_METHOD" },
118 [VAR_PATH_INFO] = { "PATH_INFO" },
119 [VAR_USER] = { "REMOTE_USER" },
120 [VAR_HTTPS] = { "HTTPS" },
121 [VAR_REDIRECT] = { "REDIRECT_STATUS", redirect_status },
122 [VAR_SERVER_NAME] = { "SERVER_NAME", local_addr },
123 [VAR_SERVER_ADDR] = { "SERVER_ADDR", local_addr },
124 [VAR_SERVER_PORT] = { "SERVER_PORT", local_port },
125 [VAR_REMOTE_NAME] = { "REMOTE_HOST", remote_addr },
126 [VAR_REMOTE_ADDR] = { "REMOTE_ADDR", remote_addr },
127 [VAR_REMOTE_PORT] = { "REMOTE_PORT", remote_port },
128 };
129
130 struct env_var *uh_get_process_vars(struct client *cl, struct path_info *pi)
131 {
132 struct http_request *req = &cl->request;
133 struct blob_attr *data = cl->hdr.head;
134 struct env_var *vars = (void *) uh_buf;
135 struct blob_attr *tb[__HDR_MAX];
136 const char *url;
137 int len;
138 int i;
139
140 url = blobmsg_data(blob_data(cl->hdr.head));
141 len = ARRAY_SIZE(proc_header_env);
142 len += ARRAY_SIZE(extra_vars);
143 len *= sizeof(struct env_var);
144
145 BUILD_BUG_ON(sizeof(uh_buf) < len);
146
147 extra_vars[VAR_SCRIPT_NAME].value = pi->name;
148 extra_vars[VAR_SCRIPT_FILE].value = pi->phys;
149 extra_vars[VAR_DOCROOT].value = pi->root;
150 extra_vars[VAR_QUERY].value = pi->query ? pi->query : "";
151 extra_vars[VAR_REQUEST].value = url;
152 extra_vars[VAR_PROTO].value = http_versions[req->version];
153 extra_vars[VAR_METHOD].value = http_methods[req->method];
154 extra_vars[VAR_PATH_INFO].value = pi->info;
155 extra_vars[VAR_USER].value = req->realm ? req->realm->user : NULL;
156 extra_vars[VAR_HTTPS].value = cl->tls ? "on" : NULL;
157
158 snprintf(redirect_status, sizeof(redirect_status),
159 "%d", req->redirect_status);
160 inet_ntop(cl->srv_addr.family, &cl->srv_addr.in, local_addr, sizeof(local_addr));
161 snprintf(local_port, sizeof(local_port), "%d", cl->srv_addr.port);
162 inet_ntop(cl->peer_addr.family, &cl->peer_addr.in, remote_addr, sizeof(remote_addr));
163 snprintf(remote_port, sizeof(remote_port), "%d", cl->peer_addr.port);
164
165 blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(data), blob_len(data));
166 for (i = 0; i < ARRAY_SIZE(proc_header_env); i++) {
167 struct blob_attr *cur;
168
169 cur = tb[proc_header_env[i].idx];
170 vars[i].name = proc_header_env[i].name;
171 vars[i].value = cur ? blobmsg_data(cur) : NULL;
172 }
173
174 memcpy(&vars[i], extra_vars, sizeof(extra_vars));
175 i += ARRAY_SIZE(extra_vars);
176 vars[i].name = NULL;
177 vars[i].value = NULL;
178
179 return vars;
180 }
181
182 static void proc_close_fds(struct client *cl)
183 {
184 struct dispatch_proc *p = &cl->dispatch.proc;
185
186 close(p->r.sfd.fd.fd);
187 if (p->wrfd.fd >= 0)
188 close(p->wrfd.fd);
189 }
190
191 static void proc_handle_close(struct relay *r, int ret)
192 {
193 if (r->header_cb) {
194 uh_client_error(r->cl, 502, "Bad Gateway",
195 "The process did not produce any response");
196 return;
197 }
198
199 uh_request_done(r->cl);
200 }
201
202 static void proc_handle_header(struct relay *r, const char *name, const char *val)
203 {
204 static char status_buf[64];
205 struct client *cl = r->cl;
206 char *sep;
207 char buf[4];
208
209 if (!strcmp(name, "Status")) {
210 sep = strchr(val, ' ');
211 if (sep != val + 3)
212 return;
213
214 memcpy(buf, val, 3);
215 buf[3] = 0;
216 snprintf(status_buf, sizeof(status_buf), "%s", sep + 1);
217 cl->dispatch.proc.status_msg = status_buf;
218 cl->dispatch.proc.status_code = atoi(buf);
219 return;
220 }
221
222 blobmsg_add_string(&cl->dispatch.proc.hdr, name, val);
223 }
224
225 static void proc_handle_header_end(struct relay *r)
226 {
227 struct client *cl = r->cl;
228 struct blob_attr *cur;
229 int rem;
230
231 uh_http_header(cl, cl->dispatch.proc.status_code, cl->dispatch.proc.status_msg);
232 blob_for_each_attr(cur, cl->dispatch.proc.hdr.head, rem)
233 ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur),
234 blobmsg_get_string(cur));
235
236 ustream_printf(cl->us, "\r\n");
237
238 if (cl->request.method == UH_HTTP_MSG_HEAD)
239 r->skip_data = true;
240 }
241
242 static void proc_write_close(struct client *cl)
243 {
244 struct dispatch_proc *p = &cl->dispatch.proc;
245
246 if (p->wrfd.fd < 0)
247 return;
248
249 uloop_fd_delete(&p->wrfd);
250 close(p->wrfd.fd);
251 p->wrfd.fd = -1;
252 }
253
254 static void proc_free(struct client *cl)
255 {
256 struct dispatch_proc *p = &cl->dispatch.proc;
257
258 uloop_timeout_cancel(&p->timeout);
259 blob_buf_free(&p->hdr);
260 proc_write_close(cl);
261 uh_relay_free(&p->r);
262 }
263
264 static void proc_write_cb(struct uloop_fd *fd, unsigned int events)
265 {
266 struct client *cl = container_of(fd, struct client, dispatch.proc.wrfd);
267
268 client_poll_post_data(cl);
269 }
270
271 static void proc_relay_write_cb(struct client *cl)
272 {
273 struct dispatch_proc *p = &cl->dispatch.proc;
274
275 if (ustream_pending_data(cl->us, true))
276 return;
277
278 ustream_set_read_blocked(&p->r.sfd.stream, false);
279 p->r.sfd.stream.notify_read(&p->r.sfd.stream, 0);
280 }
281
282 static int proc_data_send(struct client *cl, const char *data, int len)
283 {
284 struct dispatch_proc *p = &cl->dispatch.proc;
285 int retlen = 0;
286 int ret;
287
288 while (len) {
289 ret = write(p->wrfd.fd, data, len);
290
291 if (ret < 0) {
292 if (errno == EINTR)
293 continue;
294
295 if (errno == EAGAIN || errno == EWOULDBLOCK)
296 break;
297
298 /* consume all data */
299 ret = len;
300 }
301
302 if (!ret)
303 break;
304
305 retlen += ret;
306 len -= ret;
307 data += ret;
308 }
309
310 if (len)
311 uloop_fd_add(&p->wrfd, ULOOP_WRITE);
312 else
313 uloop_fd_delete(&p->wrfd);
314
315 return retlen;
316 }
317
318 static void proc_timeout_cb(struct uloop_timeout *timeout)
319 {
320 struct dispatch_proc *proc = container_of(timeout, struct dispatch_proc, timeout);
321 struct client *cl = container_of(proc, struct client, dispatch.proc);
322
323 uh_relay_kill(cl, &proc->r);
324 }
325
326 bool uh_create_process(struct client *cl, struct path_info *pi, char *url,
327 void (*cb)(struct client *cl, struct path_info *pi, char *url))
328 {
329 struct dispatch *d = &cl->dispatch;
330 struct dispatch_proc *proc = &d->proc;
331 int rfd[2], wfd[2];
332 int pid;
333
334 blob_buf_init(&proc->hdr, 0);
335 proc->status_code = 200;
336 proc->status_msg = "OK";
337
338 if (pipe(rfd))
339 return false;
340
341 if (pipe(wfd))
342 goto close_rfd;
343
344 pid = fork();
345 if (pid < 0)
346 goto close_wfd;
347
348 if (!pid) {
349 close(0);
350 close(1);
351
352 dup2(rfd[1], 1);
353 dup2(wfd[0], 0);
354
355 close(rfd[0]);
356 close(rfd[1]);
357 close(wfd[0]);
358 close(wfd[1]);
359
360 uh_close_fds();
361 cb(cl, pi, url);
362 exit(0);
363 }
364
365 close(rfd[1]);
366 close(wfd[0]);
367
368 proc->wrfd.fd = wfd[1];
369 uh_relay_open(cl, &proc->r, rfd[0], pid);
370
371 d->free = proc_free;
372 d->close_fds = proc_close_fds;
373 d->data_send = proc_data_send;
374 d->data_done = proc_write_close;
375 d->write_cb = proc_relay_write_cb;
376 proc->r.header_cb = proc_handle_header;
377 proc->r.header_end = proc_handle_header_end;
378 proc->r.close = proc_handle_close;
379 proc->wrfd.cb = proc_write_cb;
380 proc->timeout.cb = proc_timeout_cb;
381 if (conf.script_timeout > 0)
382 uloop_timeout_set(&proc->timeout, conf.script_timeout * 1000);
383
384 return true;
385
386 close_wfd:
387 close(wfd[0]);
388 close(wfd[1]);
389 close_rfd:
390 close(rfd[0]);
391 close(rfd[1]);
392
393 return false;
394 }
Tiny HTTP server