From 961d455618726984ad94c71920dc3ef4a1700d70 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 9 Jun 2009 14:18:25 +0200 Subject: [PATCH 1/4] Add license file with Mongrel's license. --- LICENSE | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++ http_parser.h | 7 ++--- http_parser.rl | 4 +-- 3 files changed, 83 insertions(+), 7 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7fb7fcd --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,79 @@ +Copyright 2009, Ryan Lienhart Dahl. All rights reserved. +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to +deal in the Software without restriction, including without limitation the +rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +sell copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. + + + + +http_parser is based on Zed Shaw's Mongrel. Mongrel's license is as follows. + +-- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT -- +Mongrel Web Server (Mongrel) is copyrighted free software by Zed A. Shaw + and contributors. You can redistribute it +and/or modify it under either the terms of the GPL2 or the conditions below: + +1. You may make and give away verbatim copies of the source form of the + software without restriction, provided that you duplicate all of the + original copyright notices and associated disclaimers. + +2. 
You may modify your copy of the software in any way, provided that + you do at least ONE of the following: + + a) place your modifications in the Public Domain or otherwise make them + Freely Available, such as by posting said modifications to Usenet or an + equivalent medium, or by allowing the author to include your + modifications in the software. + + b) use the modified software only within your corporation or + organization. + + c) rename any non-standard executables so the names do not conflict with + standard executables, which must also be provided. + + d) make other distribution arrangements with the author. + +3. You may distribute the software in object code or executable + form, provided that you do at least ONE of the following: + + a) distribute the executables and library files of the software, + together with instructions (in the manual page or equivalent) on where + to get the original distribution. + + b) accompany the distribution with the machine-readable source of the + software. + + c) give non-standard executables non-standard names, with + instructions on where to get the original software distribution. + + d) make other distribution arrangements with the author. + +4. You may modify and include the part of the software into any other + software (possibly commercial). But some files in the distribution + are not written by the author, so that they are not under this terms. + +5. The scripts and library files supplied as input to or produced as + output from the software do not automatically fall under the + copyright of the software, but belong to whomever generated them, + and may be sold commercially, and may be aggregated with this + software. + +6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. +-- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT -- 
diff --git a/http_parser.h b/http_parser.h index d41580e..c83a319 100644 --- a/http_parser.h +++ b/http_parser.h @@ -1,8 +1,7 @@ -/* Copyright (c) 2008 Ryan Dahl (ry@tinyclouds.org) - * All rights reserved. +/* Copyright (c) 2008, 2009 Ryan Dahl (ry@tinyclouds.org) + * Based on Zed Shaw's Mongrel, copyright (c) Zed A. Shaw * - * This parser is based on code from Zed Shaw's Mongrel. - * Copyright (c) 2005 Zed A. Shaw + * All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the diff --git a/http_parser.rl b/http_parser.rl index 3b4700f..7e13f1e 100644 --- a/http_parser.rl +++ b/http_parser.rl @@ -1,7 +1,5 @@ /* Copyright (c) 2008, 2009 Ryan Dahl (ry@tinyclouds.org) - * - * Based on Zed Shaw's Mongrel. - * Copyright (c) 2005 Zed A. Shaw + * Based on Zed Shaw's Mongrel, copyright (c) Zed A. Shaw * * All rights reserved. * From f6dc4f3d4bdf9a90b1638fc6cacaf36fd5ac578a Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 9 Jun 2009 14:22:41 +0200 Subject: [PATCH 2/4] Add docs regarding the resetting of status_code --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 26c3e96..577d159 100644 --- a/README.md +++ b/README.md 
@@ -57,6 +57,12 @@ buffering the data is not necessary. If you need to save certain data for later usage, you can do that from the callbacks. (You can also `read()` into a heap allocated buffer to avoid copying memory around if this fits your application.) + +Scalar valued message information such as `status_code`, `method`, and the +HTTP version are stored in the parser structure. This data is only +temporarlly stored in `http_parser` and gets reset on each new message. If +this information is needed later, copy it out of the structure during the +`headers_complete` callback. The parser decodes the transfer-encoding for both requests and responses transparently. That is, a chunked encoding is decoded before being sent to From 1776708191e5ba7ac4b8a1e06d3a55f363cfbfe0 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 9 Jun 2009 14:30:57 +0200 Subject: [PATCH 3/4] stylistic clean ups. dont include assert.h unless NDEBUG --- http_parser.rl | 61 +++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/http_parser.rl b/http_parser.rl index 7e13f1e..c136d66 100644 --- a/http_parser.rl +++ b/http_parser.rl @@ -23,8 +23,9 @@ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #include "http_parser.h" - -#include +#ifndef NDEBUG +# include +#endif static int unhex[] = {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 
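Review bot: The new `#ifndef NDEBUG` guard around the assert header (in the `@@ -23,8 +23,9 @@` hunk of http_parser.rl) means a build with NDEBUG defined never sees a definition of `assert`. Any `assert(...)` call left in this file (none is visible in this hunk) would then fail to compile or link instead of becoming a no-op. The standard header already expands `assert` to `((void)0)` under NDEBUG, so the guard gains nothing; include it unconditionally or add an `#else` arm such as `# define assert(x) ((void)0)`. The commit title also reads as the opposite of what the guard does: "unless NDEBUG" versus including when NDEBUG is not defined.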
@@ -41,37 +42,38 @@ static int unhex[] = {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 #define NULL (void*)(0) #define REMAINING (pe - p) -#define CALLBACK(FOR) \ - if (parser->FOR##_mark && parser->on_##FOR) { \ - callback_return_value = \ - parser->on_##FOR(parser, parser->FOR##_mark, p - parser->FOR##_mark); \ +#define CALLBACK(FOR) \ + if (parser->FOR##_mark && parser->on_##FOR) { \ + callback_return_value = \ + parser->on_##FOR(parser, parser->FOR##_mark, \ + p - parser->FOR##_mark); \ } -#define RESET_PARSER(parser) \ - parser->chunk_size = 0; \ - parser->eating = 0; \ - parser->header_field_mark = NULL; \ - parser->header_value_mark = NULL; \ - parser->query_string_mark = NULL; \ - parser->path_mark = NULL; \ - parser->uri_mark = NULL; \ - parser->fragment_mark = NULL; \ - parser->status_code = 0; \ - parser->method = 0; \ - parser->transfer_encoding = HTTP_IDENTITY; \ - parser->version_major = 0; \ - parser->version_minor = 0; \ - parser->keep_alive = -1; \ - parser->content_length = 0; \ +#define RESET_PARSER(parser) \ + parser->chunk_size = 0; \ + parser->eating = 0; \ + parser->header_field_mark = NULL; \ + parser->header_value_mark = NULL; \ + parser->query_string_mark = NULL; \ + parser->path_mark = NULL; \ + parser->uri_mark = NULL; \ + parser->fragment_mark = NULL; \ + parser->status_code = 0; \ + parser->method = 0; \ + parser->transfer_encoding = HTTP_IDENTITY; \ + parser->version_major = 0; \ + parser->version_minor = 0; \ + parser->keep_alive = -1; \ + parser->content_length = 0; \ parser->body_read = 0; -#define END_REQUEST \ -do { \ - if (parser->on_message_complete) { \ - callback_return_value = \ - parser->on_message_complete(parser); \ - } \ - RESET_PARSER(parser); \ +#define END_REQUEST \ +do { \ + if (parser->on_message_complete) { \ + callback_return_value = \ + parser->on_message_complete(parser); \ + } \ + RESET_PARSER(parser); \ } while (0) #define SKIP_BODY(nskip) \ @@ -225,7 +227,6 @@ do { \ } } - CRLF = "\r\n"; # character types 
From 9f59cd926f242b5aa0bc04149368d1cb0078a461 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 9 Jun 2009 15:16:36 +0200 Subject: [PATCH 4/4] Check for buffer overflow attacks. --- README.md | 3 ++- http_parser.h | 7 ++++++ http_parser.rl | 64 +++++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 62 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 577d159..e0c2b9c 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ HTTP Parser This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any allocations, it does not buffer data, and -it can be interrupted at anytime. It only requires about 100 bytes of data +it can be interrupted at anytime. It only requires about 128 bytes of data per message stream (in a web server that is per connection). Features: @@ -22,6 +22,7 @@ Features: * http version * request path, query string, fragment * message body + * Defends against buffer overflow attacks. Usage ----- diff --git a/http_parser.h b/http_parser.h index c83a319..08163a4 100644 --- a/http_parser.h +++ b/http_parser.h @@ -71,14 +71,21 @@ struct http_parser { size_t chunk_size; unsigned eating:1; + unsigned buffer_overflow:1; size_t body_read; const char *header_field_mark; + size_t header_field_size; const char *header_value_mark; + size_t header_value_size; const char *query_string_mark; + size_t query_string_size; const char *path_mark; + size_t path_size; const char *uri_mark; + size_t uri_size; const char *fragment_mark; + size_t fragment_size; /** READ-ONLY **/ unsigned short status_code; /* responses only */ diff --git a/http_parser.rl b/http_parser.rl index c136d66..cb4c7f3 100644 --- a/http_parser.rl +++ b/http_parser.rl 
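Review bot: The six `*_size` counters and the `buffer_overflow` bit are added to `struct http_parser` without any comment, and they sit above the `/** READ-ONLY **/` marker, so a reader cannot tell whether applications may read or write them. Suggest a comment on the group, e.g. `/* private: bytes counted so far for the element being parsed, compared against MAX_FIELD_SIZE */`, and one on the flag, `/* set when an element exceeds the limit; query via http_parser_has_error() */`. The struct starts and ends outside the hunk.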
@@ -41,13 +41,24 @@ static int unhex[] = {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 #define MIN(a,b) (a < b ? a : b) #define NULL (void*)(0) +#define MAX_FIELD_SIZE 80*1024 + #define REMAINING (pe - p) #define CALLBACK(FOR) \ - if (parser->FOR##_mark && parser->on_##FOR) { \ - callback_return_value = \ - parser->on_##FOR(parser, parser->FOR##_mark, \ - p - parser->FOR##_mark); \ - } +do { \ + if (parser->FOR##_mark) { \ + parser->FOR##_size += p - parser->FOR##_mark; \ + if (parser->FOR##_size > MAX_FIELD_SIZE) { \ + parser->buffer_overflow = TRUE; \ + return 0; \ + } \ + if (parser->on_##FOR) { \ + callback_return_value = parser->on_##FOR(parser, \ + parser->FOR##_mark, \ + p - parser->FOR##_mark); \ + } \ + } \ +} while(0) #define RESET_PARSER(parser) \ parser->chunk_size = 0; \ 
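Review bot: The overflow branch of `CALLBACK` exits with a bare `return 0;` hidden inside the macro, so whichever function expands it returns immediately and skips the `out:` label that the later hunk header shows just before `http_parser_has_error` (presumably the tail of the execute function, which is outside this hunk). If that tail stores state back into the parser, it is bypassed on exactly the path that handles hostile input, and a caller that does not call `http_parser_has_error` sees only a 0. Prefer setting the flag and leaving through the normal exit, e.g. `parser->buffer_overflow = TRUE; goto out;`, provided `out:` is in scope at every expansion site. Also parenthesize the limit, `#define MAX_FIELD_SIZE (80*1024)`, so it stays correct if it is ever used inside a larger expression.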
@@ -100,47 +111,76 @@ do { \ %%{ machine http_parser; - action mark_header_field { parser->header_field_mark = p; } - action mark_header_value { parser->header_value_mark = p; } - action mark_fragment { parser->fragment_mark = p; } - action mark_query_string { parser->query_string_mark = p; } - action mark_request_path { parser->path_mark = p; } - action mark_request_uri { parser->uri_mark = p; } + action mark_header_field { + parser->header_field_mark = p; + parser->header_field_size = 0; + } + + action mark_header_value { + parser->header_value_mark = p; + parser->header_value_size = 0; + } + + action mark_fragment { + parser->fragment_mark = p; + parser->fragment_size = 0; + } + + action mark_query_string { + parser->query_string_mark = p; + parser->query_string_size = 0; + } + + action mark_request_path { + parser->path_mark = p; + parser->path_size = 0; + } + + action mark_request_uri { + parser->uri_mark = p; + parser->uri_size = 0; + } action header_field { CALLBACK(header_field); if (callback_return_value != 0) fbreak; parser->header_field_mark = NULL; + parser->header_field_size = 0; } action header_value { CALLBACK(header_value); if (callback_return_value != 0) fbreak; parser->header_value_mark = NULL; + parser->header_value_size = 0; } action request_uri { CALLBACK(uri); if (callback_return_value != 0) fbreak; parser->uri_mark = NULL; + parser->uri_size = 0; } action fragment { CALLBACK(fragment); if (callback_return_value != 0) fbreak; parser->fragment_mark = NULL; + parser->fragment_size = 0; } action query_string { CALLBACK(query_string); if (callback_return_value != 0) fbreak; parser->query_string_mark = NULL; + parser->query_string_size = 0; } action request_path { CALLBACK(path); if (callback_return_value != 0) fbreak; parser->path_mark = NULL; + parser->path_size = 0; } action headers_complete { 
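Review bot: Every counter is zeroed both in its `mark_*` action and again in the matching completion action, so the 80 KB limit applies to one element at a time; nothing in this hunk bounds how many header fields a message may carry or their combined size. An application that stores headers from the callbacks can therefore still be pushed into unbounded memory use by many small headers, which the new README line ("Defends against buffer overflow attacks") does not make clear. Consider a per-message counter that is incremented in `header_field`/`header_value` and cleared in `RESET_PARSER`, or document that the cap is per element. The `headers_complete` action at the end of the hunk continues outside it.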
@@ -347,6 +387,7 @@ http_parser_init (http_parser *parser, enum http_parser_type type) %% write init; parser->cs = cs; parser->type = type; + parser->buffer_overflow = 0; parser->on_message_begin = NULL; parser->on_path = NULL; @@ -405,6 +446,7 @@ out: int http_parser_has_error (http_parser *parser) { + if (parser->buffer_overflow) return TRUE; return parser->cs == http_parser_error; }
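Review bot: `http_parser_init` now clears `buffer_overflow` but not the six `*_size` counters added to the struct, so on a parser that was not zero-filled they hold indeterminate values until a `mark_*` action runs. That is harmless only if a mark pointer is never set by any other path, which is not visible here; zeroing them in init, e.g. `parser->header_field_size = 0;` and likewise for the other five, removes that dependency. The function body starts and ends outside the hunk.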
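Review bot: The overflow flag is consulted only in `http_parser_has_error`, and among the visible hunks it is cleared only in `http_parser_init` (`RESET_PARSER` does not touch it), so it is sticky for the lifetime of the parser and invisible to a caller that keeps feeding data without calling this function. A doc comment should say so, e.g. `/* Non-zero after a parse error or after any element exceeded MAX_FIELD_SIZE; the latter stays set until http_parser_init(). */`. Since the function returns `int`, `return parser->buffer_overflow || parser->cs == http_parser_error;` would also avoid relying on the `TRUE` macro, whose definition is not shown in these hunks.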