Bug Summary

File:lib/lwan-mod-rewrite.c
Warning:line 614, column 5
Attempt to free released memory

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name lwan-mod-rewrite.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -fno-rounding-math -mconstructor-aliases -fno-plt -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/buildbot/lwan-worker/clang-analyze/build/src/lib -resource-dir /usr/lib/clang/13.0.1 -include /home/buildbot/lwan-worker/clang-analyze/build/lwan-build-config.h -D _FILE_OFFSET_BITS=64 -D _TIME_BITS=64 -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib/missing -I /usr/include/luajit-2.1 -I /usr/include/valgrind -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib -I /home/buildbot/lwan-worker/clang-analyze/build -internal-isystem /usr/lib/clang/13.0.1/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-unused-parameter -Wno-free-nonheap-object -std=gnu99 -fdebug-compilation-dir=/home/buildbot/lwan-worker/clang-analyze/build/src/lib -ferror-limit 19 -stack-protector 2 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/buildbot/lwan-worker/clang-analyze/CLANG/2022-03-15-064851-2955116-1 -x c /home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c
1/*
2 * lwan - simple web server
3 * Copyright (c) 2015 L. A. F. Pereira <l@tia.mat.br>
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
18 * USA.
19 */
20
21#define _GNU_SOURCE
22#include <ctype.h>
23#include <limits.h>
24#include <stdlib.h>
25#include <string.h>
26#include <sys/stat.h>
27
28#include "lwan-private.h"
29
30#include "patterns.h"
31#include "lwan-array.h"
32#include "lwan-mod-rewrite.h"
33#include "lwan-strbuf.h"
34
35#ifdef HAVE_LUA
36#include <lauxlib.h>
37#include <lua.h>
38#include <lualib.h>
39
40#include "lwan-lua.h"
41#endif
42
43enum pattern_flag {
44 PATTERN_HANDLE_REWRITE = 1 << 0,
45 PATTERN_HANDLE_REDIRECT = 1 << 1,
46 PATTERN_HANDLE_MASK = PATTERN_HANDLE_REWRITE | PATTERN_HANDLE_REDIRECT,
47
48 PATTERN_EXPAND_LWAN = 1 << 2,
49 PATTERN_EXPAND_LUA = 1 << 3,
50 PATTERN_EXPAND_MASK = PATTERN_EXPAND_LWAN | PATTERN_EXPAND_LUA,
51
52 PATTERN_COND_COOKIE = 1 << 4,
53 PATTERN_COND_ENV_VAR = 1 << 5,
54 PATTERN_COND_STAT = 1 << 6,
55 PATTERN_COND_QUERY_VAR = 1 << 7,
56 PATTERN_COND_POST_VAR = 1 << 8,
57 PATTERN_COND_HEADER = 1 << 9,
58 PATTERN_COND_LUA = 1 << 10,
59 PATTERN_COND_METHOD = 1 << 11,
60 PATTERN_COND_ACCEPT_ENCODING = 1 << 12,
61 PATTERN_COND_PROXIED = 1 << 13,
62 PATTERN_COND_HTTP10 = 1 << 14,
63 PATTERN_COND_HAS_QUERY_STRING = 1 << 15,
64 PATTERN_COND_HTTPS = 1 << 16,
65 PATTERN_COND_MASK = PATTERN_COND_COOKIE | PATTERN_COND_ENV_VAR |
66 PATTERN_COND_STAT | PATTERN_COND_QUERY_VAR |
67 PATTERN_COND_POST_VAR | PATTERN_COND_HEADER |
68 PATTERN_COND_LUA | PATTERN_COND_METHOD |
69 PATTERN_COND_ACCEPT_ENCODING |
70 PATTERN_COND_PROXIED | PATTERN_COND_HTTP10 |
71 PATTERN_COND_HAS_QUERY_STRING |
72 PATTERN_COND_HTTPS,
73
74 PATTERN_COND_STAT__HAS_IS_FILE = 1 << 17,
75 PATTERN_COND_STAT__HAS_IS_DIR = 1 << 18,
76 PATTERN_COND_STAT__IS_FILE = 1 << 19,
77 PATTERN_COND_STAT__IS_DIR = 1 << 20,
78
79 PATTERN_COND_STAT__FILE_CHECK =
80 PATTERN_COND_STAT__HAS_IS_FILE | PATTERN_COND_STAT__IS_FILE,
81 PATTERN_COND_STAT__DIR_CHECK =
82 PATTERN_COND_STAT__HAS_IS_DIR | PATTERN_COND_STAT__IS_DIR,
83
84 PATTERN_COND_HTTPS__IS_HTTPS = 1 << 21,
85};
86
87struct pattern {
88 char *pattern;
89 char *expand_pattern;
90 struct {
91 struct lwan_key_value cookie;
92 struct lwan_key_value env_var;
93 struct lwan_key_value query_var;
94 struct lwan_key_value post_var;
95 struct lwan_key_value header;
96 struct {
97 char *path;
98 } stat;
99 struct {
100 char *script;
101 } lua;
102 enum lwan_request_flags request_flags;
103 /* FIXME: Use pahole to find alignment holes? */
104 } condition;
105 enum pattern_flag flags;
106};
107
108DEFINE_ARRAY_TYPE(pattern_array, struct pattern)struct pattern_array { struct lwan_array base; }; __attribute__
((unused)) static inline struct pattern *pattern_array_append
( struct pattern_array *array) { return (struct pattern *)lwan_array_append_heap
(&array->base, sizeof(struct pattern)); } __attribute__
((unused)) static inline struct pattern_array *coro_pattern_array_new
(struct coro *coro) { return (struct pattern_array *)coro_lwan_array_new
(coro, 0); } __attribute__((unused)) static inline struct pattern
*pattern_array_get_array(struct pattern_array *array) { return
(struct pattern *)array->base.base; } __attribute__((unused
)) __attribute__((nonnull(1))) static inline void pattern_array_init
( struct pattern_array *array) { array->base = (struct lwan_array
){.base = ((void*)0), .elements = 0}; } __attribute__((unused
)) static inline int pattern_array_reset( struct pattern_array
*array) { return lwan_array_reset(&array->base, ((void
*)0)); } __attribute__((unused)) static inline struct pattern
*pattern_array_append0(struct pattern_array *array) { struct
pattern *element = pattern_array_append(array); if (element)
memset(element, 0, sizeof(*element)); return element; } __attribute__
((unused)) static inline void pattern_array_sort( struct pattern_array
*array, int (*cmp)(const void *a, const void *b)) { lwan_array_sort
(&array->base, sizeof(struct pattern), cmp); } __attribute__
((unused)) static inline size_t pattern_array_get_elem_index(
const struct pattern_array *array, struct pattern *elem) { (
(void) sizeof ((elem >= (struct pattern *)array->base.base
) ? 1 : 0), __extension__ ({ if (elem >= (struct pattern *
)array->base.base) ; else __assert_fail ("elem >= (struct pattern *)array->base.base"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 108, __extension__ __PRETTY_FUNCTION__); })); ((void) sizeof
((elem < (struct pattern *)array->base.base + array->
base.elements) ? 1 : 0), __extension__ ({ if (elem < (struct
pattern *)array->base.base + array->base.elements) ; else
__assert_fail ("elem < (struct pattern *)array->base.base + array->base.elements"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 108, __extension__ __PRETTY_FUNCTION__); })); return (size_t
)(elem - (struct pattern *)array->base.base); } __attribute__
((unused)) static inline struct pattern *pattern_array_get_elem
(const struct pattern_array *array, size_t index) { ((void) sizeof
((index <= array->base.elements) ? 1 : 0), __extension__
({ if (index <= array->base.elements) ; else __assert_fail
("index <= array->base.elements", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 108, __extension__ __PRETTY_FUNCTION__); })); return &(
(struct pattern *)array->base.base)[index]; } __attribute__
((unused)) static inline size_t pattern_array_len( const struct
pattern_array *array) { return array->base.elements; }
109
110struct private_data {
111 struct pattern_array patterns;
112};
113
114static enum lwan_http_status module_redirect_to(struct lwan_request *request,
115 const char *url)
116{
117 const struct lwan_key_value headers[] = {
118 {"Location", coro_strdup(request->conn->coro, url)},
119 {},
120 };
121
122 request->response.headers =
123 coro_memdup(request->conn->coro, headers, sizeof(headers));
124
125 if (LIKELY(headers[0].value && request->response.headers)__builtin_expect((!!(headers[0].value && request->
response.headers)), (1))
)
126 return HTTP_MOVED_PERMANENTLY;
127
128 return HTTP_INTERNAL_ERROR;
129}
130
131static enum lwan_http_status module_rewrite_as(struct lwan_request *request,
132 const char *url)
133{
134 request->url.value = coro_strdup(request->conn->coro, url);
135
136 if (UNLIKELY(!request->url.value)__builtin_expect(((!request->url.value)), (0)))
137 return HTTP_INTERNAL_ERROR;
138
139 request->url.len = strlen(request->url.value);
140 request->original_url = request->url;
141 request->flags |= RESPONSE_URL_REWRITTEN;
142
143 return HTTP_OK;
144}
145
146#define MAX_INT_DIGITS(3 * sizeof(int)) (3 * sizeof(int))
147
148static __attribute__((noinline)) int parse_int_len(const char *s, size_t len,
149 int default_value)
150{
151 if (UNLIKELY(len > MAX_INT_DIGITS)__builtin_expect(((len > (3 * sizeof(int)))), (0)))
152 return default_value;
153
154 return parse_int(strndupa(s, len)(__extension__ ({ const char *__old = (s); size_t __len = strnlen
(__old, (len)); char *__new = (char *) __builtin_alloca (__len
+ 1); __new[__len] = '\0'; (char *) memcpy (__new, __old, __len
); }))
, default_value);
155}
156
157static const char *expand_string(const char *expand_pattern,
158 const char *orig,
159 char buffer[static PATH_MAX4096],
160 const struct str_find *sf,
161 int captures)
162{
163 struct lwan_strbuf strbuf;
164 const char *ptr;
165
166 ptr = strchr(expand_pattern, '%');
167 if (!ptr)
168 return expand_pattern;
169
170 if (!lwan_strbuf_init_with_fixed_buffer(&strbuf, buffer, PATH_MAX4096))
171 return NULL((void*)0);
172
173 do {
174 size_t index_len = strspn(ptr + 1, "0123456789");
175
176 if (ptr > expand_pattern) {
177 const size_t len = (size_t)(ptr - expand_pattern);
178
179 if (UNLIKELY(!lwan_strbuf_append_str(&strbuf, expand_pattern, len))__builtin_expect(((!lwan_strbuf_append_str(&strbuf, expand_pattern
, len))), (0))
)
180 return NULL((void*)0);
181
182 expand_pattern += len;
183 }
184
185 if (LIKELY(index_len > 0)__builtin_expect((!!(index_len > 0)), (1))) {
186 const int index = parse_int_len(ptr + 1, index_len, -1);
187
188 if (UNLIKELY(index < 0 || index > captures)__builtin_expect(((index < 0 || index > captures)), (0)
)
)
189 return NULL((void*)0);
190
191 if (UNLIKELY(!lwan_strbuf_append_str(__builtin_expect(((!lwan_strbuf_append_str( &strbuf, orig
+ sf[index].sm_so, (size_t)(sf[index].sm_eo - sf[index].sm_so
)))), (0))
192 &strbuf, orig + sf[index].sm_so,__builtin_expect(((!lwan_strbuf_append_str( &strbuf, orig
+ sf[index].sm_so, (size_t)(sf[index].sm_eo - sf[index].sm_so
)))), (0))
193 (size_t)(sf[index].sm_eo - sf[index].sm_so)))__builtin_expect(((!lwan_strbuf_append_str( &strbuf, orig
+ sf[index].sm_so, (size_t)(sf[index].sm_eo - sf[index].sm_so
)))), (0))
)
194 return NULL((void*)0);
195
196 expand_pattern += index_len;
197 } else if (UNLIKELY(!lwan_strbuf_append_char(&strbuf, '%'))__builtin_expect(((!lwan_strbuf_append_char(&strbuf, '%')
)), (0))
) {
198 return NULL((void*)0);
199 }
200
201 expand_pattern++;
202 } while ((ptr = strchr(expand_pattern, '%')));
203
204 const size_t remaining_len = strlen(expand_pattern);
205 if (remaining_len &&
206 !lwan_strbuf_append_str(&strbuf, expand_pattern, remaining_len))
207 return NULL((void*)0);
208
209 if (UNLIKELY(!lwan_strbuf_get_length(&strbuf))__builtin_expect(((!lwan_strbuf_get_length(&strbuf))), (0
))
)
210 return NULL((void*)0);
211
212 return lwan_strbuf_get_buffer(&strbuf);
213}
214
215static ALWAYS_INLINEinline __attribute__((always_inline)) const char *expand(const struct pattern *pattern,
216 const char *orig,
217 char buffer[static PATH_MAX4096],
218 const struct str_find *sf,
219 int captures)
220{
221 return expand_string(pattern->expand_pattern, orig, buffer, sf, captures);
222}
223
224#ifdef HAVE_LUA
225static void
226lua_close_defer(void *data)
227{
228 lua_close((lua_State *)data);
229}
230
231static const char *expand_lua(struct lwan_request *request,
232 struct pattern *pattern, const char *orig,
233 char buffer[static PATH_MAX4096],
234 const struct str_find *sf, int captures)
235{
236 const char *output;
237 size_t output_len;
238 int i;
239 lua_State *L;
240
241 L = lwan_lua_create_state(NULL((void*)0), pattern->expand_pattern);
242 if (UNLIKELY(!L)__builtin_expect(((!L)), (0)))
243 return NULL((void*)0);
244 coro_defer(request->conn->coro, lua_close_defer, L);
245
246 lua_getglobal(L, "handle_rewrite")lua_getfield(L, (-10002), ("handle_rewrite"));
247 if (!lua_isfunction(L, -1)(lua_type(L, (-1)) == 6)) {
248 lwan_status_error(lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 250, __FUNCTION__, "Could not obtain reference to `handle_rewrite()` function: %s"
, lwan_lua_state_last_error(L))
249 "Could not obtain reference to `handle_rewrite()` function: %s",lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 250, __FUNCTION__, "Could not obtain reference to `handle_rewrite()` function: %s"
, lwan_lua_state_last_error(L))
250 lwan_lua_state_last_error(L))lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 250, __FUNCTION__, "Could not obtain reference to `handle_rewrite()` function: %s"
, lwan_lua_state_last_error(L))
;
251 return NULL((void*)0);
252 }
253
254 lwan_lua_state_push_request(L, request);
255
256 lua_createtable(L, captures, 0);
257 for (i = 0; i < captures; i++) {
258 lua_pushinteger(L, i);
259 lua_pushlstring(L, orig + sf[i].sm_so,
260 (size_t)(sf[i].sm_eo - sf[i].sm_so));
261 lua_settable(L, -3);
262 }
263
264 if (lua_pcall(L, 2, 1, 0) != 0) {
265 lwan_status_error("Could not execute `handle_rewrite()` function: %s",lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 266, __FUNCTION__, "Could not execute `handle_rewrite()` function: %s"
, lwan_lua_state_last_error(L))
266 lwan_lua_state_last_error(L))lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 266, __FUNCTION__, "Could not execute `handle_rewrite()` function: %s"
, lwan_lua_state_last_error(L))
;
267 return NULL((void*)0);
268 }
269
270 output = lua_tolstring(L, -1, &output_len);
271 if (output_len >= PATH_MAX4096) {
272 lwan_status_error("Rewritten URL exceeds %d bytes (got %zu bytes)",lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 273, __FUNCTION__, "Rewritten URL exceeds %d bytes (got %zu bytes)"
, 4096, output_len)
273 PATH_MAX, output_len)lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 273, __FUNCTION__, "Rewritten URL exceeds %d bytes (got %zu bytes)"
, 4096, output_len)
;
274 return NULL((void*)0);
275 }
276
277 return memcpy(buffer, output, output_len + 1);
278}
279#endif
280
281static bool_Bool condition_matches(struct lwan_request *request,
282 const struct pattern *p,
283 const struct str_find *sf,
284 int captures,
285 char expanded_buf[static PATH_MAX4096])
286{
287 if (LIKELY(!(p->flags & PATTERN_COND_MASK))__builtin_expect((!!(!(p->flags & PATTERN_COND_MASK)))
, (1))
)
288 return true1;
289
290 const char *url = request->url.value;
291
292 if (p->flags & PATTERN_COND_METHOD) {
293 const enum lwan_request_flags method =
294 p->condition.request_flags & REQUEST_METHOD_MASK;
295 if (lwan_request_get_method(request) != method)
296 return false0;
297 }
298
299 if (p->flags & PATTERN_COND_HTTPS) {
300 bool_Bool is_tls = request->conn->flags & CONN_TLS;
301 if (p->flags & PATTERN_COND_HTTPS__IS_HTTPS) {
302 if (!is_tls)
303 return false0;
304 } else if (is_tls) {
305 return false0;
306 }
307 }
308
309 if (p->flags & PATTERN_COND_ACCEPT_ENCODING) {
310 const enum lwan_request_flags accept =
311 p->condition.request_flags & REQUEST_ACCEPT_MASK;
312 if (!(lwan_request_get_accept_encoding(request) & accept))
313 return false0;
314 }
315
316 if (p->flags & PATTERN_COND_PROXIED) {
317 if (!(request->flags & p->condition.request_flags & REQUEST_PROXIED))
318 return false0;
319 }
320
321 if (p->flags & PATTERN_COND_HTTP10) {
322 if (!(request->flags & p->condition.request_flags & REQUEST_IS_HTTP_1_0))
323 return false0;
324 }
325
326 if (p->flags & PATTERN_COND_HAS_QUERY_STRING) {
327 if (!(request->flags & p->condition.request_flags & REQUEST_HAS_QUERY_STRING))
328 return false0;
329 }
330
331 if (p->flags & PATTERN_COND_COOKIE) {
332 assert(p->condition.cookie.key)((void) sizeof ((p->condition.cookie.key) ? 1 : 0), __extension__
({ if (p->condition.cookie.key) ; else __assert_fail ("p->condition.cookie.key"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 332, __extension__ __PRETTY_FUNCTION__); }))
;
333 assert(p->condition.cookie.value)((void) sizeof ((p->condition.cookie.value) ? 1 : 0), __extension__
({ if (p->condition.cookie.value) ; else __assert_fail ("p->condition.cookie.value"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 333, __extension__ __PRETTY_FUNCTION__); }))
;
334
335 const char *cookie =
336 lwan_request_get_cookie(request, p->condition.cookie.key);
337 if (!cookie)
338 return false0;
339
340 const char *val = expand_string(p->condition.cookie.value, url,
341 expanded_buf, sf, captures);
342 if (!val || !streq(val, cookie))
343 return false0;
344 }
345
346 if (p->flags & PATTERN_COND_ENV_VAR) {
347 assert(p->condition.env_var.key)((void) sizeof ((p->condition.env_var.key) ? 1 : 0), __extension__
({ if (p->condition.env_var.key) ; else __assert_fail ("p->condition.env_var.key"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 347, __extension__ __PRETTY_FUNCTION__); }))
;
348 assert(p->condition.env_var.value)((void) sizeof ((p->condition.env_var.value) ? 1 : 0), __extension__
({ if (p->condition.env_var.value) ; else __assert_fail (
"p->condition.env_var.value", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 348, __extension__ __PRETTY_FUNCTION__); }))
;
349
350 const char *env_var = secure_getenv(p->condition.env_var.key);
351 if (!env_var)
352 return false0;
353
354 const char *val = expand_string(p->condition.env_var.value, url,
355 expanded_buf, sf, captures);
356 if (!val || !streq(val, env_var))
357 return false0;
358 }
359
360 if (p->flags & PATTERN_COND_QUERY_VAR) {
361 assert(p->condition.query_var.key)((void) sizeof ((p->condition.query_var.key) ? 1 : 0), __extension__
({ if (p->condition.query_var.key) ; else __assert_fail (
"p->condition.query_var.key", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 361, __extension__ __PRETTY_FUNCTION__); }))
;
362 assert(p->condition.query_var.value)((void) sizeof ((p->condition.query_var.value) ? 1 : 0), __extension__
({ if (p->condition.query_var.value) ; else __assert_fail
("p->condition.query_var.value", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 362, __extension__ __PRETTY_FUNCTION__); }))
;
363
364 const char *query =
365 lwan_request_get_query_param(request, p->condition.query_var.key);
366
367 if (!query)
368 return false0;
369
370 const char *val = expand_string(p->condition.query_var.value, url,
371 expanded_buf, sf, captures);
372 if (!val || !streq(val, query))
373 return false0;
374 }
375
376 if (p->flags & PATTERN_COND_POST_VAR) {
377 assert(p->condition.post_var.key)((void) sizeof ((p->condition.post_var.key) ? 1 : 0), __extension__
({ if (p->condition.post_var.key) ; else __assert_fail ("p->condition.post_var.key"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 377, __extension__ __PRETTY_FUNCTION__); }))
;
378 assert(p->condition.post_var.value)((void) sizeof ((p->condition.post_var.value) ? 1 : 0), __extension__
({ if (p->condition.post_var.value) ; else __assert_fail (
"p->condition.post_var.value", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 378, __extension__ __PRETTY_FUNCTION__); }))
;
379
380 const char *post =
381 lwan_request_get_post_param(request, p->condition.post_var.key);
382 if (!post)
383 return false0;
384
385 const char *val = expand_string(p->condition.post_var.value, url,
386 expanded_buf, sf, captures);
387 if (!val || !streq(val, post))
388 return false0;
389 }
390
391 if (p->flags & PATTERN_COND_STAT) {
392 assert(p->condition.stat.path)((void) sizeof ((p->condition.stat.path) ? 1 : 0), __extension__
({ if (p->condition.stat.path) ; else __assert_fail ("p->condition.stat.path"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 392, __extension__ __PRETTY_FUNCTION__); }))
;
393
394 struct stat st;
395
396 /* FIXME: Expanding path from a user-controlled URL and use the
397 * resulting path to call stat(2) on could lead to some information
398 * disclosure vulnerability. Would require the server to be configured
399 * in a certain way, though.
400 */
401 const char *path = expand_string(p->condition.stat.path, url,
402 expanded_buf, sf, captures);
403 if (!path || stat(path, &st) < 0)
404 return false0;
405
406 if ((p->flags & PATTERN_COND_STAT__FILE_CHECK) ==
407 PATTERN_COND_STAT__FILE_CHECK &&
408 !S_ISREG(st.st_mode)((((st.st_mode)) & 0170000) == (0100000)))
409 return false0;
410 if ((p->flags & PATTERN_COND_STAT__DIR_CHECK) ==
411 PATTERN_COND_STAT__DIR_CHECK &&
412 !S_ISDIR(st.st_mode)((((st.st_mode)) & 0170000) == (0040000)))
413 return false0;
414 }
415
416#ifdef HAVE_LUA
417 if (p->flags & PATTERN_COND_LUA) {
418 assert(p->condition.lua.script)((void) sizeof ((p->condition.lua.script) ? 1 : 0), __extension__
({ if (p->condition.lua.script) ; else __assert_fail ("p->condition.lua.script"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 418, __extension__ __PRETTY_FUNCTION__); }))
;
419
420 lua_State *L = lwan_lua_create_state(NULL((void*)0), p->condition.lua.script);
421 if (!L)
422 return false0;
423 coro_defer(request->conn->coro, lua_close_defer, L);
424
425 lua_getglobal(L, "matches")lua_getfield(L, (-10002), ("matches"));
426 if (!lua_isfunction(L, -1)(lua_type(L, (-1)) == 6)) {
427 lwan_status_error(lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 429, __FUNCTION__, "Could not obtain reference to `matches()` function: %s"
, lwan_lua_state_last_error(L))
428 "Could not obtain reference to `matches()` function: %s",lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 429, __FUNCTION__, "Could not obtain reference to `matches()` function: %s"
, lwan_lua_state_last_error(L))
429 lwan_lua_state_last_error(L))lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 429, __FUNCTION__, "Could not obtain reference to `matches()` function: %s"
, lwan_lua_state_last_error(L))
;
430 return false0;
431 }
432
433 lwan_lua_state_push_request(L, request);
434
435 if (lua_pcall(L, 1, 1, 0) != 0) {
436 lwan_status_error("Could not execute `matches()` function: %s",lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 437, __FUNCTION__, "Could not execute `matches()` function: %s"
, lwan_lua_state_last_error(L))
437 lwan_lua_state_last_error(L))lwan_status_error_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 437, __FUNCTION__, "Could not execute `matches()` function: %s"
, lwan_lua_state_last_error(L))
;
438 return false0;
439 }
440
441 if (!lua_toboolean(L, -1))
442 return false0;
443 }
444#else
445 assert(!(p->flags & PATTERN_COND_LUA))((void) sizeof ((!(p->flags & PATTERN_COND_LUA)) ? 1 :
0), __extension__ ({ if (!(p->flags & PATTERN_COND_LUA
)) ; else __assert_fail ("!(p->flags & PATTERN_COND_LUA)"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 445, __extension__ __PRETTY_FUNCTION__); }))
;
446#endif
447
448 return true1;
449}
450
451static enum lwan_http_status
452rewrite_handle_request(struct lwan_request *request,
453 struct lwan_response *response __attribute__((unused)),
454 void *instance)
455{
456 struct private_data *pd = instance;
457 const char *url = request->url.value;
458 char final_url[PATH_MAX4096];
459 struct pattern *p;
460
461 LWAN_ARRAY_FOREACH(&pd->patterns, p)for (p = (&pd->patterns)->base.base; p < ((typeof
(p))(&pd->patterns)->base.base + (&pd->patterns
)->base.elements); p++)
{
462 struct str_find sf[MAXCAPTURES32];
463 const char *expanded = NULL((void*)0);
464 const char *errmsg;
465 int captures;
466
467 captures = str_find(url, p->pattern, sf, MAXCAPTURES32, &errmsg);
468 if (captures <= 0)
469 continue;
470
471 if (!condition_matches(request, p, sf, captures, final_url))
472 continue;
473
474 switch (p->flags & PATTERN_EXPAND_MASK) {
475#ifdef HAVE_LUA
476 case PATTERN_EXPAND_LUA:
477 expanded = expand_lua(request, p, url, final_url, sf, captures);
478 break;
479#endif
480 case PATTERN_EXPAND_LWAN:
481 expanded = expand(p, url, final_url, sf, captures);
482 break;
483 }
484
485 if (LIKELY(expanded)__builtin_expect((!!(expanded)), (1))) {
486 switch (p->flags & PATTERN_HANDLE_MASK) {
487 case PATTERN_HANDLE_REDIRECT:
488 return module_redirect_to(request, expanded);
489 case PATTERN_HANDLE_REWRITE:
490 return module_rewrite_as(request, expanded);
491 }
492 }
493
494 return HTTP_INTERNAL_ERROR;
495 }
496
497 return HTTP_NOT_FOUND;
498}
499
500static void *rewrite_create(const char *prefix __attribute__((unused)),
501 void *instance __attribute__((unused)))
502{
503 struct private_data *pd = malloc(sizeof(*pd));
504
505 if (!pd)
506 return NULL((void*)0);
507
508 pattern_array_init(&pd->patterns);
509
510 return pd;
511}
512
513static void rewrite_destroy(void *instance)
514{
515 struct private_data *pd = instance;
516 struct pattern *iter;
517
518 LWAN_ARRAY_FOREACH(&pd->patterns, iter)for (iter = (&pd->patterns)->base.base; iter < (
(typeof(iter))(&pd->patterns)->base.base + (&pd
->patterns)->base.elements); iter++)
{
519 free(iter->pattern);
520 free(iter->expand_pattern);
521 if (iter->flags & PATTERN_COND_COOKIE) {
522 free(iter->condition.cookie.key);
523 free(iter->condition.cookie.value);
524 }
525 if (iter->flags & PATTERN_COND_ENV_VAR) {
526 free(iter->condition.env_var.key);
527 free(iter->condition.env_var.value);
528 }
529 if (iter->flags & PATTERN_COND_QUERY_VAR) {
530 free(iter->condition.query_var.key);
531 free(iter->condition.query_var.value);
532 }
533 if (iter->flags & PATTERN_COND_POST_VAR) {
534 free(iter->condition.post_var.key);
535 free(iter->condition.post_var.value);
536 }
537 if (iter->flags & PATTERN_COND_HEADER) {
538 free(iter->condition.header.key);
539 free(iter->condition.header.value);
540 }
541 if (iter->flags & PATTERN_COND_STAT) {
542 free(iter->condition.stat.path);
543 }
544#ifdef HAVE_LUA
545 if (iter->flags & PATTERN_COND_LUA) {
546 free(iter->condition.lua.script);
547 }
548#endif
549 }
550
551 pattern_array_reset(&pd->patterns);
552 free(pd);
553}
554
555static void *rewrite_create_from_hash(const char *prefix,
556 const struct hash *hash
557 __attribute__((unused)))
558{
559 return rewrite_create(prefix, NULL((void*)0));
560}
561
562static void parse_condition_key_value(struct pattern *pattern,
563 struct lwan_key_value *key_value,
564 enum pattern_flag condition_type,
565 struct config *config,
566 const struct config_line *line)
567{
568 char *key = NULL((void*)0), *value = NULL((void*)0);
569
570 while ((line = config_read_line(config))) {
14
Loop condition is true. Entering loop body
571 switch (line->type) {
15
Control jumps to 'case CONFIG_LINE_TYPE_LINE:' at line 586
572 case CONFIG_LINE_TYPE_SECTION:
573 config_error(config, "Unexpected section: %s", line->key);
574 goto out;
575
576 case CONFIG_LINE_TYPE_SECTION_END:
577 if (!key || !value) {
578 config_error(config, "Key/value has not been specified");
579 goto out;
580 }
581
582 *key_value = (struct lwan_key_value){key, value};
583 pattern->flags |= condition_type & PATTERN_COND_MASK;
584 return;
585
586 case CONFIG_LINE_TYPE_LINE:
587 if (key
15.1
'key' is null
|| value
15.2
'value' is null
) {
16
Taking false branch
588 config_error(config,
589 "Can only condition on a single key/value pair. "
590 "Currently has: %s=%s",
591 key, value);
592 goto out;
593 }
594
595 key = strdup(line->key);
17
Memory is allocated
596 if (!key) {
18
Assuming 'key' is non-null
19
Taking false branch
597 config_error(config,
598 "Could not copy key while parsing condition");
599 goto out;
600 }
601
602 value = strdup(line->value);
603 if (!value) {
20
Assuming 'value' is null
21
Taking true branch
604 free(key);
22
Memory is released
605 config_error(config,
606 "Could not copy value while parsing condition");
607 goto out;
23
Control jumps to line 614
608 }
609 break;
610 }
611 }
612
613out:
614 free(key);
24
Attempt to free released memory
615 free(value);
616}
617
618static void parse_condition_stat(struct pattern *pattern,
619 struct config *config,
620 const struct config_line *line)
621{
622 char *path = NULL((void*)0);
623 bool_Bool has_is_dir = false0, is_dir = false0;
624 bool_Bool has_is_file = false0, is_file = false0;
625
626 while ((line = config_read_line(config))) {
627 switch (line->type) {
628 case CONFIG_LINE_TYPE_SECTION:
629 config_error(config, "Unexpected section: %s", line->key);
630 goto out;
631
632 case CONFIG_LINE_TYPE_SECTION_END:
633 if (!path) {
634 config_error(config, "Path not specified");
635 goto out;
636 }
637
638 pattern->condition.stat.path = path;
639 if (has_is_dir) {
640 pattern->flags |= PATTERN_COND_STAT__HAS_IS_DIR;
641 if (is_dir)
642 pattern->flags |= PATTERN_COND_STAT__IS_DIR;
643 }
644 if (has_is_file) {
645 pattern->flags |= PATTERN_COND_STAT__HAS_IS_FILE;
646 if (is_file)
647 pattern->flags |= PATTERN_COND_STAT__IS_FILE;
648 }
649 pattern->flags |= PATTERN_COND_STAT;
650 return;
651
652 case CONFIG_LINE_TYPE_LINE:
653 if (streq(line->key, "path")) {
654 if (path) {
655 config_error(config, "Path `%s` already specified", path);
656 goto out;
657 }
658 path = strdup(line->value);
659 if (!path) {
660 config_error(config, "Could not copy path");
661 goto out;
662 }
663 } else if (streq(line->key, "is_dir")) {
664 is_dir = parse_bool(line->value, false0);
665 has_is_dir = true1;
666 } else if (streq(line->key, "is_file")) {
667 is_file = parse_bool(line->value, false0);
668 has_is_file = true1;
669 } else {
670 config_error(config, "Unexpected key: %s", line->key);
671 goto out;
672 }
673
674 break;
675 }
676 }
677
678out:
679 free(path);
680}
681
682static void parse_condition_accept_encoding(struct pattern *pattern,
683 struct config *config)
684{
685 const struct config_line *line;
686
687 while ((line = config_read_line(config))) {
688 switch (line->type) {
689 case CONFIG_LINE_TYPE_SECTION:
690 config_error(config, "Unexpected section: %s", line->key);
691 return;
692
693 case CONFIG_LINE_TYPE_SECTION_END:
694 pattern->flags |= PATTERN_COND_ACCEPT_ENCODING;
695 return;
696
697 case CONFIG_LINE_TYPE_LINE:
698 if (streq(line->key, "deflate")) {
699 if (parse_bool(line->value, false0))
700 pattern->condition.request_flags |= REQUEST_ACCEPT_DEFLATE;
701 } else if (streq(line->key, "gzip")) {
702 if (parse_bool(line->value, false0))
703 pattern->condition.request_flags |= REQUEST_ACCEPT_GZIP;
704 } else if (streq(line->key, "brotli")) {
705 if (parse_bool(line->value, false0))
706 pattern->condition.request_flags |= REQUEST_ACCEPT_BROTLI;
707 } else if (streq(line->key, "zstd")) {
708 if (parse_bool(line->value, false0))
709 pattern->condition.request_flags |= REQUEST_ACCEPT_ZSTD;
710 } else if (!streq(line->key, "none")) {
711 config_error(config, "Unsupported encoding for condition: %s",
712 line->key);
713 return;
714 }
715 break;
716 }
717 }
718}
719
720static bool_Bool get_method_from_string(struct pattern *pattern, const char *string)
721{
722#define GENERATE_CMP(upper, lower, mask, constant, probability) \
723 if (!strcasecmp(string, #upper)) { \
724 pattern->condition.request_flags |= (mask); \
725 return true1; \
726 }
727
728 FOR_EACH_REQUEST_METHOD(GENERATE_CMP)GENERATE_CMP(GET, get, (1 << 0), (((uint32_t)(('G') | (
'E') << 8 | ('T') << 16 | (' ') << 24))), 0.6
) GENERATE_CMP(POST, post, (1 << 3 | 1 << 1 | 1 <<
0), (((uint32_t)(('P') | ('O') << 8 | ('S') << 16
| ('T') << 24))), 0.2) GENERATE_CMP(HEAD, head, (1 <<
1), (((uint32_t)(('H') | ('E') << 8 | ('A') << 16
| ('D') << 24))), 0.2) GENERATE_CMP(OPTIONS, options, (
1 << 2), (((uint32_t)(('O') | ('P') << 8 | ('T') <<
16 | ('I') << 24))), 0.1) GENERATE_CMP(DELETE, delete,
(1 << 1 | 1 << 2), (((uint32_t)(('D') | ('E') <<
8 | ('L') << 16 | ('E') << 24))), 0.1) GENERATE_CMP
(PUT, put, (1 << 3 | 1 << 2 | 1 << 0), (((uint32_t
)(('P') | ('U') << 8 | ('T') << 16 | (' ') <<
24))), 0.1)
729
730#undef GENERATE_CMP
731
732 return false0;
733}
734
735static void parse_condition(struct pattern *pattern,
736 struct config *config,
737 const struct config_line *line)
738{
739 if (streq(line->value, "cookie")) {
12
Taking true branch
740 return parse_condition_key_value(pattern, &pattern->condition.cookie,
13
Calling 'parse_condition_key_value'
741 PATTERN_COND_COOKIE, config, line);
742 }
743 if (streq(line->value, "query")) {
744 return parse_condition_key_value(pattern, &pattern->condition.query_var,
745 PATTERN_COND_QUERY_VAR, config, line);
746 }
747 if (streq(line->value, "post")) {
748 return parse_condition_key_value(pattern, &pattern->condition.post_var,
749 PATTERN_COND_POST_VAR, config, line);
750 }
751 if (streq(line->value, "environment")) {
752 return parse_condition_key_value(pattern, &pattern->condition.env_var,
753 PATTERN_COND_ENV_VAR, config, line);
754 }
755 if (streq(line->value, "header")) {
756 return parse_condition_key_value(pattern, &pattern->condition.header,
757 PATTERN_COND_HEADER, config, line);
758 }
759 if (streq(line->value, "stat")) {
760 return parse_condition_stat(pattern, config, line);
761 }
762 if (streq(line->value, "encoding")) {
763 return parse_condition_accept_encoding(pattern, config);
764 }
765
766 config_error(config, "Condition `%s' not supported", line->value);
767}
768
769static bool_Bool rewrite_parse_conf_pattern(struct private_data *pd,
770 struct config *config,
771 const struct config_line *line)
772{
773 struct pattern *pattern;
774 char *redirect_to = NULL((void*)0), *rewrite_as = NULL((void*)0);
775 bool_Bool expand_with_lua = false0;
776
777 pattern = pattern_array_append0(&pd->patterns);
778 if (!pattern
4.1
'pattern' is non-null
)
5
Taking false branch
779 goto out_no_free;
780
781 pattern->pattern = strdup(line->value);
782 if (!pattern->pattern)
6
Assuming field 'pattern' is non-null
7
Taking false branch
783 goto out;
784
785 while ((line = config_read_line(config))) {
8
Loop condition is true. Entering loop body
786 switch (line->type) {
9
Control jumps to 'case CONFIG_LINE_TYPE_SECTION:' at line 835
787 case CONFIG_LINE_TYPE_LINE:
788 if (streq(line->key, "redirect_to")) {
789 free(redirect_to);
790
791 redirect_to = strdup(line->value);
792 if (!redirect_to)
793 goto out;
794 } else if (streq(line->key, "rewrite_as")) {
795 free(rewrite_as);
796
797 rewrite_as = strdup(line->value);
798 if (!rewrite_as)
799 goto out;
800 } else if (streq(line->key, "expand_with_lua")) {
801 expand_with_lua = parse_bool(line->value, false0);
802 } else if (streq(line->key, "condition_proxied")) {
803 if (parse_bool(line->value, false0))
804 pattern->flags |= PATTERN_COND_PROXIED;
805 } else if (streq(line->key, "condition_http_1.0")) {
806 if (parse_bool(line->value, false0))
807 pattern->flags |= PATTERN_COND_HTTP10;
808 } else if (streq(line->key, "condition_has_query_string")) {
809 if (parse_bool(line->value, false0))
810 pattern->flags |= PATTERN_COND_HAS_QUERY_STRING;
811 } else if (streq(line->key, "condition_is_https")) {
812 if (parse_bool(line->value, false0))
813 pattern->flags |= PATTERN_COND_HTTPS__IS_HTTPS;
814 pattern->flags |= PATTERN_COND_HTTPS;
815 } else if (streq(line->key, "condition_method")) {
816 if (!get_method_from_string(pattern, line->value)) {
817 config_error(config, "Unknown HTTP method: %s", line->value);
818 goto out;
819 }
820 pattern->flags |= PATTERN_COND_METHOD;
821 } else
822#ifdef HAVE_LUA
823 if (streq(line->key, "condition_lua")) {
824 pattern->condition.lua.script = strdup(line->value);
825 if (!pattern->condition.lua.script)
826 lwan_status_critical("Couldn't copy Lua script")lwan_status_critical_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-mod-rewrite.c"
, 826, __FUNCTION__, "Couldn't copy Lua script")
;
827 pattern->flags |= PATTERN_COND_LUA;
828 } else
829#endif
830 {
831 config_error(config, "Unexpected key: %s", line->key);
832 goto out;
833 }
834 break;
835 case CONFIG_LINE_TYPE_SECTION:
836 if (streq(line->key, "condition")) {
10
Taking true branch
837 parse_condition(pattern, config, line);
11
Calling 'parse_condition'
838 } else {
839 config_error(config, "Unexpected section: %s", line->key);
840 }
841 break;
842 case CONFIG_LINE_TYPE_SECTION_END:
843 if (redirect_to && rewrite_as) {
844 config_error(
845 config,
846 "`redirect to` and `rewrite as` are mutually exclusive");
847 goto out;
848 }
849 if (redirect_to) {
850 pattern->expand_pattern = redirect_to;
851 pattern->flags |= PATTERN_HANDLE_REDIRECT;
852 } else if (rewrite_as) {
853 pattern->expand_pattern = rewrite_as;
854 pattern->flags |= PATTERN_HANDLE_REWRITE;
855 } else {
856 config_error(
857 config,
858 "either `redirect to` or `rewrite as` are required");
859 goto out;
860 }
861 if (expand_with_lua) {
862#ifdef HAVE_LUA
863 pattern->flags |= PATTERN_EXPAND_LUA;
864#else
865 config_error(config, "Lwan has been built without Lua. "
866 "`expand_with_lua` is not available");
867 goto out;
868#endif
869 } else {
870 pattern->flags |= PATTERN_EXPAND_LWAN;
871 }
872
873 return true1;
874 }
875 }
876
877out:
878 free(pattern->pattern);
879 free(redirect_to);
880 free(rewrite_as);
881out_no_free:
882 config_error(config, "Could not copy pattern");
883 return false0;
884}
885
886static bool_Bool rewrite_parse_conf(void *instance, struct config *config)
887{
888 struct private_data *pd = instance;
889 const struct config_line *line;
890
891 while ((line = config_read_line(config))) {
1
Loop condition is true. Entering loop body
892 switch (line->type) {
2
Control jumps to 'case CONFIG_LINE_TYPE_SECTION:' at line 896
893 case CONFIG_LINE_TYPE_LINE:
894 config_error(config, "Unknown option: %s", line->key);
895 break;
896 case CONFIG_LINE_TYPE_SECTION:
897 if (streq(line->key, "pattern")) {
3
Taking true branch
898 rewrite_parse_conf_pattern(pd, config, line);
4
Calling 'rewrite_parse_conf_pattern'
899 } else {
900 config_error(config, "Unknown section: %s", line->key);
901 }
902 break;
903 case CONFIG_LINE_TYPE_SECTION_END:
904 break;
905 }
906 }
907
908 return !config_last_error(config);
909}
910
911static const struct lwan_module module = {
912 .create = rewrite_create,
913 .create_from_hash = rewrite_create_from_hash,
914 .parse_conf = rewrite_parse_conf,
915 .destroy = rewrite_destroy,
916 .handle_request = rewrite_handle_request,
917 .flags = HANDLER_CAN_REWRITE_URL
918};
919
920LWAN_REGISTER_MODULE(rewrite, &module)const struct lwan_module_info __attribute__((used, section("lwan_module"
))) lwan_module_info_rewrite = {.name = "rewrite", .module = &
module}
;