1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23#include "curl_setup.h"
24
25#ifndef CURL_DISABLE_HTTP
26
27#include "urldata.h" /* it includes http_chunks.h */
28#include "sendf.h"   /* for the client write stuff */
29
30#include "content_encoding.h"
31#include "http.h"
32#include "curl_memory.h"
33#include "non-ascii.h" /* for Curl_convert_to_network prototype */
34
35#define _MPRINTF_REPLACE /* use our functions only */
36#include <curl/mprintf.h>
37
38/* The last #include file should be: */
39#include "memdebug.h"
40
41/*
42 * Chunk format (simplified):
43 *
44 * <HEX SIZE>[ chunk extension ] CRLF
45 * <DATA> CRLF
46 *
47 * Highlights from RFC2616 section 3.6 say:
48
49   The chunked encoding modifies the body of a message in order to
50   transfer it as a series of chunks, each with its own size indicator,
51   followed by an OPTIONAL trailer containing entity-header fields. This
52   allows dynamically produced content to be transferred along with the
53   information necessary for the recipient to verify that it has
54   received the full message.
55
56       Chunked-Body   = *chunk
57                        last-chunk
58                        trailer
59                        CRLF
60
61       chunk          = chunk-size [ chunk-extension ] CRLF
62                        chunk-data CRLF
63       chunk-size     = 1*HEX
64       last-chunk     = 1*("0") [ chunk-extension ] CRLF
65
66       chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
67       chunk-ext-name = token
68       chunk-ext-val  = token | quoted-string
69       chunk-data     = chunk-size(OCTET)
70       trailer        = *(entity-header CRLF)
71
72   The chunk-size field is a string of hex digits indicating the size of
73   the chunk. The chunked encoding is ended by any chunk whose size is
74   zero, followed by the trailer, which is terminated by an empty line.
75
76 */
77
78/* Check for an ASCII hex digit.
79 We avoid the use of isxdigit to accommodate non-ASCII hosts. */
80static bool Curl_isxdigit(char digit)
81{
82  return ( (digit >= 0x30 && digit <= 0x39) /* 0-9 */
83        || (digit >= 0x41 && digit <= 0x46) /* A-F */
84        || (digit >= 0x61 && digit <= 0x66) /* a-f */ ) ? TRUE : FALSE;
85}
86
87void Curl_httpchunk_init(struct connectdata *conn)
88{
89  struct Curl_chunker *chunk = &conn->chunk;
90  chunk->hexindex=0; /* start at 0 */
91  chunk->dataleft=0; /* no data left yet! */
92  chunk->state = CHUNK_HEX; /* we get hex first! */
93}
94
95/*
96 * chunk_read() returns a OK for normal operations, or a positive return code
97 * for errors. STOP means this sequence of chunks is complete.  The 'wrote'
98 * argument is set to tell the caller how many bytes we actually passed to the
99 * client (for byte-counting and whatever).
100 *
101 * The states and the state-machine is further explained in the header file.
102 *
103 * This function always uses ASCII hex values to accommodate non-ASCII hosts.
104 * For example, 0x0d and 0x0a are used instead of '\r' and '\n'.
105 */
106CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
107                              char *datap,
108                              ssize_t datalen,
109                              ssize_t *wrotep)
110{
111  CURLcode result=CURLE_OK;
112  struct SessionHandle *data = conn->data;
113  struct Curl_chunker *ch = &conn->chunk;
114  struct SingleRequest *k = &data->req;
115  size_t piece;
116  size_t length = (size_t)datalen;
117  size_t *wrote = (size_t *)wrotep;
118
119  *wrote = 0; /* nothing's written yet */
120
121  /* the original data is written to the client, but we go on with the
122     chunk read process, to properly calculate the content length*/
123  if(data->set.http_te_skip && !k->ignorebody) {
124    result = Curl_client_write(conn, CLIENTWRITE_BODY, datap, datalen);
125    if(result)
126      return CHUNKE_WRITE_ERROR;
127  }
128
129  while(length) {
130    switch(ch->state) {
131    case CHUNK_HEX:
132      if(Curl_isxdigit(*datap)) {
133        if(ch->hexindex < MAXNUM_SIZE) {
134          ch->hexbuffer[ch->hexindex] = *datap;
135          datap++;
136          length--;
137          ch->hexindex++;
138        }
139        else {
140          return CHUNKE_TOO_LONG_HEX; /* longer hex than we support */
141        }
142      }
143      else {
144        if(0 == ch->hexindex) {
145          /* This is illegal data, we received junk where we expected
146             a hexadecimal digit. */
147          return CHUNKE_ILLEGAL_HEX;
148        }
149        /* length and datap are unmodified */
150        ch->hexbuffer[ch->hexindex]=0;
151
152        /* convert to host encoding before calling strtoul */
153        result = Curl_convert_from_network(conn->data, ch->hexbuffer,
154                                           ch->hexindex);
155        if(result) {
156          /* Curl_convert_from_network calls failf if unsuccessful */
157          /* Treat it as a bad hex character */
158          return(CHUNKE_ILLEGAL_HEX);
159        }
160
161        ch->datasize=strtoul(ch->hexbuffer, NULL, 16);
162        ch->state = CHUNK_POSTHEX;
163      }
164      break;
165
166    case CHUNK_POSTHEX:
167      /* In this state, we're waiting for CRLF to arrive. We support
168         this to allow so called chunk-extensions to show up here
169         before the CRLF comes. */
170      if(*datap == 0x0d)
171        ch->state = CHUNK_CR;
172      length--;
173      datap++;
174      break;
175
176    case CHUNK_CR:
177      /* waiting for the LF */
178      if(*datap == 0x0a) {
179        /* we're now expecting data to come, unless size was zero! */
180        if(0 == ch->datasize) {
181          ch->state = CHUNK_TRAILER; /* now check for trailers */
182          conn->trlPos=0;
183        }
184        else {
185          ch->state = CHUNK_DATA;
186        }
187      }
188      else
189        /* previously we got a fake CR, go back to CR waiting! */
190        ch->state = CHUNK_CR;
191      datap++;
192      length--;
193      break;
194
195    case CHUNK_DATA:
196      /* we get pure and fine data
197
198         We expect another 'datasize' of data. We have 'length' right now,
199         it can be more or less than 'datasize'. Get the smallest piece.
200      */
201      piece = (ch->datasize >= length)?length:ch->datasize;
202
203      /* Write the data portion available */
204#ifdef HAVE_LIBZ
205      switch (conn->data->set.http_ce_skip?
206              IDENTITY : data->req.auto_decoding) {
207      case IDENTITY:
208#endif
209        if(!k->ignorebody) {
210          if(!data->set.http_te_skip)
211            result = Curl_client_write(conn, CLIENTWRITE_BODY, datap,
212                                       piece);
213          else
214            result = CURLE_OK;
215        }
216#ifdef HAVE_LIBZ
217        break;
218
219      case DEFLATE:
220        /* update data->req.keep.str to point to the chunk data. */
221        data->req.str = datap;
222        result = Curl_unencode_deflate_write(conn, &data->req,
223                                             (ssize_t)piece);
224        break;
225
226      case GZIP:
227        /* update data->req.keep.str to point to the chunk data. */
228        data->req.str = datap;
229        result = Curl_unencode_gzip_write(conn, &data->req,
230                                          (ssize_t)piece);
231        break;
232
233      case COMPRESS:
234      default:
235        failf (conn->data,
236               "Unrecognized content encoding type. "
237               "libcurl understands `identity', `deflate' and `gzip' "
238               "content encodings.");
239        return CHUNKE_BAD_ENCODING;
240      }
241#endif
242
243      if(result)
244        return CHUNKE_WRITE_ERROR;
245
246      *wrote += piece;
247
248      ch->datasize -= piece; /* decrease amount left to expect */
249      datap += piece;    /* move read pointer forward */
250      length -= piece;   /* decrease space left in this round */
251
252      if(0 == ch->datasize)
253        /* end of data this round, we now expect a trailing CRLF */
254        ch->state = CHUNK_POSTCR;
255      break;
256
257    case CHUNK_POSTCR:
258      if(*datap == 0x0d) {
259        ch->state = CHUNK_POSTLF;
260        datap++;
261        length--;
262      }
263      else
264        return CHUNKE_BAD_CHUNK;
265
266      break;
267
268    case CHUNK_POSTLF:
269      if(*datap == 0x0a) {
270        /*
271         * The last one before we go back to hex state and start all
272         * over.
273         */
274        Curl_httpchunk_init(conn);
275        datap++;
276        length--;
277      }
278      else
279        return CHUNKE_BAD_CHUNK;
280
281      break;
282
283    case CHUNK_TRAILER:
284      if(*datap == 0x0d) {
285        /* this is the end of a trailer, but if the trailer was zero bytes
286           there was no trailer and we move on */
287
288        if(conn->trlPos) {
289          /* we allocate trailer with 3 bytes extra room to fit this */
290          conn->trailer[conn->trlPos++]=0x0d;
291          conn->trailer[conn->trlPos++]=0x0a;
292          conn->trailer[conn->trlPos]=0;
293
294          /* Convert to host encoding before calling Curl_client_write */
295          result = Curl_convert_from_network(conn->data, conn->trailer,
296                                             conn->trlPos);
297          if(result)
298            /* Curl_convert_from_network calls failf if unsuccessful */
299            /* Treat it as a bad chunk */
300            return CHUNKE_BAD_CHUNK;
301
302          if(!data->set.http_te_skip) {
303            result = Curl_client_write(conn, CLIENTWRITE_HEADER,
304                                       conn->trailer, conn->trlPos);
305            if(result)
306              return CHUNKE_WRITE_ERROR;
307          }
308          conn->trlPos=0;
309          ch->state = CHUNK_TRAILER_CR;
310        }
311        else {
312          /* no trailer, we're on the final CRLF pair */
313          ch->state = CHUNK_TRAILER_POSTCR;
314          break; /* don't advance the pointer */
315        }
316      }
317      else {
318        /* conn->trailer is assumed to be freed in url.c on a
319           connection basis */
320        if(conn->trlPos >= conn->trlMax) {
321          /* we always allocate three extra bytes, just because when the full
322             header has been received we append CRLF\0 */
323          char *ptr;
324          if(conn->trlMax) {
325            conn->trlMax *= 2;
326            ptr = realloc(conn->trailer, conn->trlMax + 3);
327          }
328          else {
329            conn->trlMax=128;
330            ptr = malloc(conn->trlMax + 3);
331          }
332          if(!ptr)
333            return CHUNKE_OUT_OF_MEMORY;
334          conn->trailer = ptr;
335        }
336        conn->trailer[conn->trlPos++]=*datap;
337      }
338      datap++;
339      length--;
340      break;
341
342    case CHUNK_TRAILER_CR:
343      if(*datap == 0x0a) {
344        ch->state = CHUNK_TRAILER_POSTCR;
345        datap++;
346        length--;
347      }
348      else
349        return CHUNKE_BAD_CHUNK;
350      break;
351
352    case CHUNK_TRAILER_POSTCR:
353      /* We enter this state when a CR should arrive so we expect to
354         have to first pass a CR before we wait for LF */
355      if(*datap != 0x0d) {
356        /* not a CR then it must be another header in the trailer */
357        ch->state = CHUNK_TRAILER;
358        break;
359      }
360      datap++;
361      length--;
362      /* now wait for the final LF */
363      ch->state = CHUNK_STOP;
364      break;
365
366    case CHUNK_STOPCR:
367      /* Read the final CRLF that ends all chunk bodies */
368
369      if(*datap == 0x0d) {
370        ch->state = CHUNK_STOP;
371        datap++;
372        length--;
373      }
374      else
375        return CHUNKE_BAD_CHUNK;
376      break;
377
378    case CHUNK_STOP:
379      if(*datap == 0x0a) {
380        length--;
381
382        /* Record the length of any data left in the end of the buffer
383           even if there's no more chunks to read */
384
385        ch->dataleft = length;
386        return CHUNKE_STOP; /* return stop */
387      }
388      else
389        return CHUNKE_BAD_CHUNK;
390
391    default:
392      return CHUNKE_STATE_ERROR;
393    }
394  }
395  return CHUNKE_OK;
396}
397#endif /* CURL_DISABLE_HTTP */
398