Bug Summary

File:lib/lwan-request.c
Warning:line 1724, column 13
1st function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name lwan-request.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -fno-plt -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/buildbot/lwan-worker/clang-analyze/build/src/lib -resource-dir /usr/lib/clang/14.0.6 -include /home/buildbot/lwan-worker/clang-analyze/build/lwan-build-config.h -D _FILE_OFFSET_BITS=64 -D _TIME_BITS=64 -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib/missing -I /usr/include/luajit-2.1 -I /usr/include/valgrind -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib -I /home/buildbot/lwan-worker/clang-analyze/build -internal-isystem /usr/lib/clang/14.0.6/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.0/../../../../x86_64-pc-linux-gnu/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-unused-parameter -Wno-free-nonheap-object -std=gnu11 -fdebug-compilation-dir=/home/buildbot/lwan-worker/clang-analyze/build/src/lib -ferror-limit 19 -stack-protector 2 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/buildbot/lwan-worker/clang-analyze/CLANG/2023-01-03-043944-1058096-1 -x c /home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c
1/*
2 * lwan - web server
3 * Copyright (c) 2012-2014 L. A. F. Pereira <l@tia.mat.br>
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 */
19
20#define _GNU_SOURCE
21#include <arpa/inet.h>
22#include <assert.h>
23#include <ctype.h>
24#include <errno(*__errno_location ()).h>
25#include <fcntl.h>
26#include <inttypes.h>
27#include <limits.h>
28#include <stddef.h>
29#include <stdio.h>
30#include <stdlib.h>
31#include <string.h>
32#include <strings.h>
33#include <sys/mman.h>
34#include <sys/socket.h>
35#include <sys/stat.h>
36#include <sys/types.h>
37#include <sys/vfs.h>
38#include <unistd.h>
39
40#include "lwan-private.h"
41
42#include "base64.h"
43#include "list.h"
44#include "lwan-config.h"
45#include "lwan-http-authorize.h"
46#include "lwan-io-wrappers.h"
47#include "sha1.h"
48
49#define HEADER_VALUE_SEPARATOR_LEN(sizeof(": ") - 1) (sizeof(": ") - 1)
50#define HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1) (sizeof("\r\n") - 1)
51#define MIN_REQUEST_SIZE(sizeof("GET / HTTP/1.1\r\n\r\n") - 1) (sizeof("GET / HTTP/1.1\r\n\r\n") - 1)
52
53enum lwan_read_finalizer {
54 FINALIZER_DONE,
55 FINALIZER_TRY_AGAIN,
56 FINALIZER_TIMEOUT,
57};
58
59struct proxy_header_v2 {
60 uint8_t sig[12];
61 uint8_t cmd_ver;
62 uint8_t fam;
63 uint16_t len;
64 union {
65 struct {
66 in_addr_t src_addr;
67 in_addr_t dst_addr;
68 uint16_t src_port;
69 uint16_t dst_port;
70 } ip4;
71 struct {
72 struct in6_addr src_addr;
73 struct in6_addr dst_addr;
74 uint16_t src_port;
75 uint16_t dst_port;
76 } ip6;
77 } addr;
78};
79
80static char decode_hex_digit(char ch) __attribute__((pure));
81static char *ignore_leading_whitespace(char *buffer) __attribute__((pure));
82
83
84static bool_Bool
85parse_ascii_port(char *port, unsigned short *out)
86{
87 unsigned long parsed;
88 char *end_ptr;
89
90 errno(*__errno_location ()) = 0;
91 parsed = strtoul(port, &end_ptr, 10);
92
93 if (UNLIKELY(errno != 0)__builtin_expect((((*__errno_location ()) != 0)), (0)))
94 return false0;
95
96 if (UNLIKELY(*end_ptr != '\0')__builtin_expect(((*end_ptr != '\0')), (0)))
97 return false0;
98
99 if (UNLIKELY((unsigned long)(unsigned short)parsed != parsed)__builtin_expect((((unsigned long)(unsigned short)parsed != parsed
)), (0)))
100 return false0;
101
102 *out = htons((unsigned short)parsed);
103 return true1;
104}
105
106static char *
107strsep_char(char *strp, const char *end, char delim)
108{
109 char *ptr;
110
111 if (UNLIKELY(!strp)__builtin_expect(((!strp)), (0)))
112 return NULL((void*)0);
113
114 if (UNLIKELY(strp > end)__builtin_expect(((strp > end)), (0)))
115 return NULL((void*)0);
116
117 ptr = strchr(strp, delim);
118 if (UNLIKELY(!ptr)__builtin_expect(((!ptr)), (0)))
119 return NULL((void*)0);
120
121 *ptr = '\0';
122 return ptr + 1;
123}
124
125static char *
126parse_proxy_protocol_v1(struct lwan_request *request, char *buffer)
127{
128 static const size_t line_size = 108;
129 char *end, *protocol, *src_addr, *dst_addr, *src_port, *dst_port;
130 unsigned int size;
131 struct lwan_proxy *const proxy = request->proxy;
132
133 end = memchr(buffer, '\r', line_size);
134 if (UNLIKELY(!end || end[1] != '\n')__builtin_expect(((!end || end[1] != '\n')), (0)))
135 return NULL((void*)0);
136 *end = '\0';
137 size = (unsigned int) (end + 2 - buffer);
138
139 protocol = buffer + sizeof("PROXY ") - 1;
140 src_addr = strsep_char(protocol, end, ' ');
141 dst_addr = strsep_char(src_addr, end, ' ');
142 src_port = strsep_char(dst_addr, end, ' ');
143 dst_port = strsep_char(src_port, end, ' ');
144
145 if (UNLIKELY(!dst_port)__builtin_expect(((!dst_port)), (0)))
146 return NULL((void*)0);
147
148 STRING_SWITCH(protocol)switch (string_as_uint32(protocol)) {
149 case STR4_INT('T', 'C', 'P', '4')((uint32_t)(('T') | ('C') << 8 | ('P') << 16 | ('4'
) << 24)): {
150 struct sockaddr_in *from = &proxy->from.ipv4;
151 struct sockaddr_in *to = &proxy->to.ipv4;
152
153 from->sin_family = to->sin_family = AF_INET2;
154
155 if (UNLIKELY(inet_pton(AF_INET, src_addr, &from->sin_addr) <= 0)__builtin_expect(((inet_pton(2, src_addr, &from->sin_addr
) <= 0)), (0)))
156 return NULL((void*)0);
157 if (UNLIKELY(inet_pton(AF_INET, dst_addr, &to->sin_addr) <= 0)__builtin_expect(((inet_pton(2, dst_addr, &to->sin_addr
) <= 0)), (0)))
158 return NULL((void*)0);
159 if (UNLIKELY(!parse_ascii_port(src_port, &from->sin_port))__builtin_expect(((!parse_ascii_port(src_port, &from->
sin_port))), (0)))
160 return NULL((void*)0);
161 if (UNLIKELY(!parse_ascii_port(dst_port, &to->sin_port))__builtin_expect(((!parse_ascii_port(dst_port, &to->sin_port
))), (0)))
162 return NULL((void*)0);
163
164 break;
165 }
166 case STR4_INT('T', 'C', 'P', '6')((uint32_t)(('T') | ('C') << 8 | ('P') << 16 | ('6'
) << 24)): {
167 struct sockaddr_in6 *from = &proxy->from.ipv6;
168 struct sockaddr_in6 *to = &proxy->to.ipv6;
169
170 from->sin6_family = to->sin6_family = AF_INET610;
171
172 if (UNLIKELY(inet_pton(AF_INET6, src_addr, &from->sin6_addr) <= 0)__builtin_expect(((inet_pton(10, src_addr, &from->sin6_addr
) <= 0)), (0)))
173 return NULL((void*)0);
174 if (UNLIKELY(inet_pton(AF_INET6, dst_addr, &to->sin6_addr) <= 0)__builtin_expect(((inet_pton(10, dst_addr, &to->sin6_addr
) <= 0)), (0)))
175 return NULL((void*)0);
176 if (UNLIKELY(!parse_ascii_port(src_port, &from->sin6_port))__builtin_expect(((!parse_ascii_port(src_port, &from->
sin6_port))), (0)))
177 return NULL((void*)0);
178 if (UNLIKELY(!parse_ascii_port(dst_port, &to->sin6_port))__builtin_expect(((!parse_ascii_port(dst_port, &to->sin6_port
))), (0)))
179 return NULL((void*)0);
180
181 break;
182 }
183 default:
184 return NULL((void*)0);
185 }
186
187 request->flags |= REQUEST_PROXIED;
188 return buffer + size;
189}
190
191static char *parse_proxy_protocol_v2(struct lwan_request *request, char *buffer)
192{
193 struct proxy_header_v2 *hdr = (struct proxy_header_v2 *)buffer;
194 struct lwan_request_parser_helper *helper = request->helper;
195 const unsigned int proto_signature_length = 16;
196 unsigned int size;
197 struct lwan_proxy *const proxy = request->proxy;
198
199 enum { LOCAL = 0x20, PROXY = 0x21, TCP4 = 0x11, TCP6 = 0x21 };
200
201 size = proto_signature_length + (unsigned int)ntohs(hdr->len);
202 if (UNLIKELY(size > (unsigned int)sizeof(*hdr))__builtin_expect(((size > (unsigned int)sizeof(*hdr))), (0
)))
203 return NULL((void*)0);
204 if (UNLIKELY(size >= helper->buffer->len)__builtin_expect(((size >= helper->buffer->len)), (0
)))
205 return NULL((void*)0);
206
207 if (LIKELY(hdr->cmd_ver == PROXY)__builtin_expect((!!(hdr->cmd_ver == PROXY)), (1))) {
208 if (hdr->fam == TCP4) {
209 struct sockaddr_in *from = &proxy->from.ipv4;
210 struct sockaddr_in *to = &proxy->to.ipv4;
211
212 to->sin_family = from->sin_family = AF_INET2;
213
214 from->sin_addr.s_addr = hdr->addr.ip4.src_addr;
215 from->sin_port = hdr->addr.ip4.src_port;
216
217 to->sin_addr.s_addr = hdr->addr.ip4.dst_addr;
218 to->sin_port = hdr->addr.ip4.dst_port;
219 } else if (hdr->fam == TCP6) {
220 struct sockaddr_in6 *from = &proxy->from.ipv6;
221 struct sockaddr_in6 *to = &proxy->to.ipv6;
222
223 from->sin6_family = to->sin6_family = AF_INET610;
224
225 from->sin6_addr = hdr->addr.ip6.src_addr;
226 from->sin6_port = hdr->addr.ip6.src_port;
227
228 to->sin6_addr = hdr->addr.ip6.dst_addr;
229 to->sin6_port = hdr->addr.ip6.dst_port;
230 } else {
231 return NULL((void*)0);
232 }
233 } else if (hdr->cmd_ver == LOCAL) {
234 struct sockaddr_in *from = &proxy->from.ipv4;
235 struct sockaddr_in *to = &proxy->to.ipv4;
236
237 from->sin_family = to->sin_family = AF_UNSPEC0;
238 } else {
239 return NULL((void*)0);
240 }
241
242 request->flags |= REQUEST_PROXIED;
243 return buffer + size;
244}
245
246#if !defined(LWAN_HAVE_BUILTIN_EXPECT_PROBABILITY)
247#define __builtin_expect_with_probability(value1, value2, probability) \
248 __builtin_expect(value1, value2)
249#endif
250
251static ALWAYS_INLINEinline __attribute__((always_inline)) char *identify_http_method(struct lwan_request *request,
252 char *buffer)
253{
254 const uint32_t first_four = string_as_uint32(buffer);
255
256#define GENERATE_IF(upper, lower, mask, constant, probability) \
257 if (__builtin_expect_with_probability(first_four == (constant), 1, \
258 probability)) { \
259 request->flags |= (mask); \
260 return buffer + sizeof(#upper); \
261 }
262
263 FOR_EACH_REQUEST_METHOD(GENERATE_IF)GENERATE_IF(GET, get, (1 << 0), (((uint32_t)(('G') | ('E'
) << 8 | ('T') << 16 | (' ') << 24))), 0.6)
GENERATE_IF(POST, post, (1 << 3 | 1 << 1 | 1 <<
0), (((uint32_t)(('P') | ('O') << 8 | ('S') << 16
| ('T') << 24))), 0.2) GENERATE_IF(HEAD, head, (1 <<
1), (((uint32_t)(('H') | ('E') << 8 | ('A') << 16
| ('D') << 24))), 0.2) GENERATE_IF(OPTIONS, options, (
1 << 2), (((uint32_t)(('O') | ('P') << 8 | ('T') <<
16 | ('I') << 24))), 0.1) GENERATE_IF(DELETE, delete, (
1 << 1 | 1 << 2), (((uint32_t)(('D') | ('E') <<
8 | ('L') << 16 | ('E') << 24))), 0.1) GENERATE_IF
(PUT, put, (1 << 3 | 1 << 2 | 1 << 0), (((uint32_t
)(('P') | ('U') << 8 | ('T') << 16 | (' ') <<
24))), 0.1)
264
265#undef GENERATE_IF
266
267 return NULL((void*)0);
268}
269
270static ALWAYS_INLINEinline __attribute__((always_inline)) char decode_hex_digit(char ch)
271{
272 static const char hex_digit_tbl[256] = {
273 ['0'] = 0, ['1'] = 1, ['2'] = 2, ['3'] = 3, ['4'] = 4, ['5'] = 5,
274 ['6'] = 6, ['7'] = 7, ['8'] = 8, ['9'] = 9, ['a'] = 10, ['b'] = 11,
275 ['c'] = 12, ['d'] = 13, ['e'] = 14, ['f'] = 15, ['A'] = 10, ['B'] = 11,
276 ['C'] = 12, ['D'] = 13, ['E'] = 14, ['F'] = 15,
277 };
278 return hex_digit_tbl[(unsigned char)ch];
279}
280
281__attribute__((nonnull(1))) static ssize_t url_decode(char *str)
282{
283 const char *inptr = str;
284 char *outptr = str;
285
286 for (char *ch = strchr(str, '+'); ch; ch = strchr(ch + 1, '+'))
287 *ch = ' ';
288
289 for (const char *pct = strchr(inptr, '%'); pct; pct = strchr(inptr, '%')) {
290 ptrdiff_t diff = pct - inptr;
291 if (diff)
292 outptr = stpncpy(outptr, inptr, (size_t)diff);
293
294 char decoded = (char)(decode_hex_digit(pct[1]) << 4);
295 decoded |= (char)decode_hex_digit(pct[2]);
296 if (UNLIKELY(!decoded)__builtin_expect(((!decoded)), (0)))
297 return -1;
298
299 *outptr = decoded;
300 outptr++;
301
302 inptr = pct + 3;
303 }
304
305 if (inptr > outptr)
306 outptr = stpcpy(outptr, inptr);
307
308 return (ssize_t)(outptr - str);
309}
310
311static int key_value_compare(const void *a, const void *b)
312{
313 return strcmp(((const struct lwan_key_value *)a)->key,
314 ((const struct lwan_key_value *)b)->key);
315}
316
317static void
318reset_key_value_array(void *data)
319{
320 struct lwan_key_value_array *array = data;
321
322 lwan_key_value_array_reset(array);
323}
324
325static void parse_key_values(struct lwan_request *request,
326 struct lwan_value *helper_value,
327 struct lwan_key_value_array *array,
328 ssize_t (*decode_value)(char *value),
329 const char separator)
330{
331 struct lwan_key_value *kv;
332 char *ptr = helper_value->value;
333 const char *end = helper_value->value + helper_value->len;
334 coro_deferred reset_defer;
335
336 if (!helper_value->len)
337 return;
338
339 lwan_key_value_array_init(array);
340 reset_defer = coro_defer(request->conn->coro, reset_key_value_array, array);
341
342 do {
343 char *key, *value;
344
345 while (*ptr == ' ' || *ptr == separator)
346 ptr++;
347 if (UNLIKELY(*ptr == '\0')__builtin_expect(((*ptr == '\0')), (0)))
348 break;
349
350 key = ptr;
351 ptr = strsep_char(key, end, separator);
352
353 value = strsep_char(key, end, '=');
354 if (UNLIKELY(!value)__builtin_expect(((!value)), (0))) {
355 value = "";
356 } else if (UNLIKELY(decode_value(value) < 0)__builtin_expect(((decode_value(value) < 0)), (0))) {
357 /* Disallow values that failed decoding, but allow empty values */
358 goto error;
359 }
360
361 if (UNLIKELY(decode_value(key) <= 0)__builtin_expect(((decode_value(key) <= 0)), (0))) {
362 /* Disallow keys that failed decoding, or empty keys */
363 goto error;
364 }
365
366 kv = lwan_key_value_array_append(array);
367 if (UNLIKELY(!kv)__builtin_expect(((!kv)), (0)))
368 goto error;
369
370 kv->key = key;
371 kv->value = value;
372 } while (ptr);
373
374 lwan_key_value_array_sort(array, key_value_compare);
375
376 return;
377
378error:
379 coro_defer_fire_and_disarm(request->conn->coro, reset_defer);
380}
381
382static ssize_t
383identity_decode(char *input __attribute__((unused)))
384{
385 return 1;
386}
387
388static void parse_cookies(struct lwan_request *request)
389{
390 const char *cookies = lwan_request_get_header(request, "Cookie");
391
392 if (!cookies)
393 return;
394
395 struct lwan_value header = {.value = (char *)cookies,
396 .len = strlen(cookies)};
397 parse_key_values(request, &header, &request->helper->cookies,
398 identity_decode, ';');
399}
400
401static void parse_query_string(struct lwan_request *request)
402{
403 struct lwan_request_parser_helper *helper = request->helper;
404
405 parse_key_values(request, &helper->query_string, &helper->query_params,
406 url_decode, '&');
407}
408
409static void parse_form_data(struct lwan_request *request)
410{
411 struct lwan_request_parser_helper *helper = request->helper;
412 static const char content_type[] = "application/x-www-form-urlencoded";
413
414 if (helper->content_type.len < sizeof(content_type) - 1)
415 return;
416 if (UNLIKELY(strncmp(helper->content_type.value, content_type,__builtin_expect(((strncmp(helper->content_type.value, content_type
, sizeof(content_type) - 1))), (0))
417 sizeof(content_type) - 1))__builtin_expect(((strncmp(helper->content_type.value, content_type
, sizeof(content_type) - 1))), (0)))
418 return;
419
420 parse_key_values(request, &helper->body_data, &helper->post_params,
421 url_decode, '&');
422}
423
424static void find_query_string(struct lwan_request *request, const char *space)
425{
426 struct lwan_request_parser_helper *helper = request->helper;
427
428 char *query_string = memchr(request->url.value, '?', request->url.len);
429 if (query_string) {
430 *query_string = '\0';
431 helper->query_string.value = query_string + 1;
432 helper->query_string.len = (size_t)(space - query_string - 1);
433 request->url.len -= helper->query_string.len + 1;
434 request->flags |= REQUEST_HAS_QUERY_STRING;
435 }
436}
437
438static char *
439identify_http_path(struct lwan_request *request, char *buffer)
440{
441 struct lwan_request_parser_helper *helper = request->helper;
442 static const size_t minimal_request_line_len = sizeof("/ HTTP/1.0") - 1;
443 char *space, *end_of_line;
444 ptrdiff_t end_len;
445
446 if (UNLIKELY(*buffer != '/')__builtin_expect(((*buffer != '/')), (0)))
447 return NULL((void*)0);
448
449 end_len = buffer - helper->buffer->value;
450 if (UNLIKELY((size_t)end_len >= helper->buffer->len)__builtin_expect((((size_t)end_len >= helper->buffer->
len)), (0)))
451 return NULL((void*)0);
452
453 end_of_line = memchr(buffer, '\r', helper->buffer->len - (size_t)end_len);
454 if (UNLIKELY(!end_of_line)__builtin_expect(((!end_of_line)), (0)))
455 return NULL((void*)0);
456 if (UNLIKELY((size_t)(end_of_line - buffer) < minimal_request_line_len)__builtin_expect((((size_t)(end_of_line - buffer) < minimal_request_line_len
)), (0)))
457 return NULL((void*)0);
458 *end_of_line = '\0';
459
460 space = end_of_line - sizeof("HTTP/X.X");
461
462 request->url.value = buffer;
463 request->url.len = (size_t)(space - buffer);
464 find_query_string(request, space);
465 request->original_url = request->url;
466
467 *space++ = '\0';
468
469 STRING_SWITCH_LARGE(space)switch (string_as_uint64(space)) {
470 case STR8_INT('H','T','T','P','/','1','.','0')((uint64_t)((uint32_t)(('H') | ('T') << 8 | ('T') <<
16 | ('P') << 24)) | (uint64_t)((uint32_t)(('/') | ('1'
) << 8 | ('.') << 16 | ('0') << 24)) <<
32):
471 request->flags |= REQUEST_IS_HTTP_1_0;
472 break;
473 case STR8_INT('H','T','T','P','/','1','.','1')((uint64_t)((uint32_t)(('H') | ('T') << 8 | ('T') <<
16 | ('P') << 24)) | (uint64_t)((uint32_t)(('/') | ('1'
) << 8 | ('.') << 16 | ('1') << 24)) <<
32):
474 break;
475 default:
476 return NULL((void*)0);
477 }
478
479 return end_of_line + 1;
480}
481
482__attribute__((noinline)) static void set_header_value(
483 struct lwan_value *header, char *end, char *p, size_t header_len)
484{
485 p += header_len;
486
487 if (LIKELY(string_as_uint16(p) == STR2_INT(':', ' '))__builtin_expect((!!(string_as_uint16(p) == ((uint16_t)((':')
| (' ') << 8)))), (1))) {
488 *end = '\0';
489 char *value = p + sizeof(": ") - 1;
490
491 header->value = value;
492 header->len = (size_t)(end - value);
493 }
494}
495
496#define HEADER_LENGTH(hdr) \
497 ({ \
498 if (UNLIKELY(end - sizeof(hdr) + 1 < p)__builtin_expect(((end - sizeof(hdr) + 1 < p)), (0))) \
499 continue; \
500 sizeof(hdr) - 1; \
501 })
502
503#define SET_HEADER_VALUE(dest, hdr) \
504 do { \
505 const size_t header_len = HEADER_LENGTH(hdr); \
506 set_header_value(&(helper->dest), end, p, header_len); \
507 } while (0)
508
509static ALWAYS_INLINEinline __attribute__((always_inline)) ssize_t find_headers(char **header_start,
510 struct lwan_value *request_buffer,
511 char **next_request)
512{
513 char *buffer = request_buffer->value;
514 char *buffer_end = buffer + request_buffer->len;
515 ssize_t n_headers = 0;
516 char *next_header;
517
518 for (char *next_chr = buffer + 1;;) {
519 next_header = memchr(next_chr, '\r', (size_t)(buffer_end - next_chr));
520
521 if (UNLIKELY(!next_header)__builtin_expect(((!next_header)), (0)))
522 return -1;
523
524 if (next_chr == next_header) {
525 if (buffer_end - next_chr >= (ptrdiff_t)HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1)) {
526 STRING_SWITCH_SMALL (next_header)switch (string_as_uint16(next_header)) {
527 case STR2_INT('\r', '\n')((uint16_t)(('\r') | ('\n') << 8)):
528 *next_request = next_header + HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1);
529 }
530 }
531 goto out;
532 }
533
534 /* Is there at least a space for a minimal (H)eader and a (V)alue? */
535 if (LIKELY(next_header - next_chr >= (ptrdiff_t)(sizeof("H: V") - 1))__builtin_expect((!!(next_header - next_chr >= (ptrdiff_t)
(sizeof("H: V") - 1))), (1))) {
536 header_start[n_headers++] = next_chr;
537
538 if (UNLIKELY(n_headers >= N_HEADER_START - 1)__builtin_expect(((n_headers >= 64 - 1)), (0)))
539 return -1;
540 } else {
541 /* Better to abort early if there's no space. */
542 return -1;
543 }
544
545 next_chr = next_header + HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1);
546 if (UNLIKELY(next_chr >= buffer_end)__builtin_expect(((next_chr >= buffer_end)), (0)))
547 return -1;
548 }
549
550out:
551 header_start[n_headers] = next_header;
552 return n_headers;
553}
554
555static bool_Bool parse_headers(struct lwan_request_parser_helper *helper,
556 char *buffer)
557{
558 char **header_start = helper->header_start;
559 ssize_t n_headers = 0;
560
561 /* FIXME: is there a better way to do this? */
562 struct lwan_value header_start_buffer = {
563 .value = buffer,
564 .len = helper->buffer->len - (size_t)(buffer - helper->buffer->value)
565 };
566 n_headers = find_headers(header_start, &header_start_buffer,
567 &helper->next_request);
568 if (UNLIKELY(n_headers < 0)__builtin_expect(((n_headers < 0)), (0)))
569 return false0;
570
571 for (ssize_t i = 0; i < n_headers; i++) {
572 char *p = header_start[i];
573 char *end = header_start[i + 1] - HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1);
574
575 STRING_SWITCH_L (p)switch (((string_as_uint32(p)) | (uint32_t)0x20202020)) {
576 case STR4_INT_L('A', 'c', 'c', 'e')((((uint32_t)(('A') | ('c') << 8 | ('c') << 16 | (
'e') << 24))) | (uint32_t)0x20202020):
577 p += HEADER_LENGTH("Accept");
578
579 STRING_SWITCH_L (p)switch (((string_as_uint32(p)) | (uint32_t)0x20202020)) {
580 case STR4_INT_L('-', 'E', 'n', 'c')((((uint32_t)(('-') | ('E') << 8 | ('n') << 16 | (
'c') << 24))) | (uint32_t)0x20202020):
581 SET_HEADER_VALUE(accept_encoding, "-Encoding");
582 break;
583 }
584 break;
585 case STR4_INT_L('C', 'o', 'n', 'n')((((uint32_t)(('C') | ('o') << 8 | ('n') << 16 | (
'n') << 24))) | (uint32_t)0x20202020):
586 SET_HEADER_VALUE(connection, "Connection");
587 break;
588 case STR4_INT_L('C', 'o', 'n', 't')((((uint32_t)(('C') | ('o') << 8 | ('n') << 16 | (
't') << 24))) | (uint32_t)0x20202020):
589 p += HEADER_LENGTH("Content");
590
591 STRING_SWITCH_L (p)switch (((string_as_uint32(p)) | (uint32_t)0x20202020)) {
592 case STR4_INT_L('-', 'T', 'y', 'p')((((uint32_t)(('-') | ('T') << 8 | ('y') << 16 | (
'p') << 24))) | (uint32_t)0x20202020):
593 SET_HEADER_VALUE(content_type, "-Type");
594 break;
595 case STR4_INT_L('-', 'L', 'e', 'n')((((uint32_t)(('-') | ('L') << 8 | ('e') << 16 | (
'n') << 24))) | (uint32_t)0x20202020):
596 SET_HEADER_VALUE(content_length, "-Length");
597 break;
598 }
599 break;
600 case STR4_INT_L('I', 'f', '-', 'M')((((uint32_t)(('I') | ('f') << 8 | ('-') << 16 | (
'M') << 24))) | (uint32_t)0x20202020):
601 SET_HEADER_VALUE(if_modified_since.raw, "If-Modified-Since");
602 break;
603 case STR4_INT_L('H', 'o', 's', 't')((((uint32_t)(('H') | ('o') << 8 | ('s') << 16 | (
't') << 24))) | (uint32_t)0x20202020):
604 SET_HEADER_VALUE(host, "Host");
605 break;
606 case STR4_INT_L('R', 'a', 'n', 'g')((((uint32_t)(('R') | ('a') << 8 | ('n') << 16 | (
'g') << 24))) | (uint32_t)0x20202020):
607 SET_HEADER_VALUE(range.raw, "Range");
608 break;
609 }
610 }
611
612 helper->n_header_start = (size_t)n_headers;
613 return true1;
614}
615#undef HEADER_LENGTH
616#undef SET_HEADER_VALUE
617
618ssize_t lwan_find_headers(char **header_start, struct lwan_value *buffer,
619 char **next_request)
620{
621 return find_headers(header_start, buffer, next_request);
622}
623
624static void parse_if_modified_since(struct lwan_request_parser_helper *helper)
625{
626 static const size_t header_len =
627 sizeof("Wed, 17 Apr 2019 13:59:27 GMT") - 1;
628 time_t parsed;
629
630 if (UNLIKELY(helper->if_modified_since.raw.len != header_len)__builtin_expect(((helper->if_modified_since.raw.len != header_len
)), (0)))
631 return;
632
633 if (UNLIKELY(lwan_parse_rfc_time(helper->if_modified_since.raw.value,__builtin_expect(((lwan_parse_rfc_time(helper->if_modified_since
.raw.value, &parsed) < 0)), (0))
634 &parsed) < 0)__builtin_expect(((lwan_parse_rfc_time(helper->if_modified_since
.raw.value, &parsed) < 0)), (0)))
635 return;
636
637 helper->if_modified_since.parsed = parsed;
638}
639
640static bool_Bool
641parse_off_without_sign(const char *ptr, char **end, off_t *off)
642{
643 unsigned long long val;
644
645 static_assert_Static_assert(sizeof(val) >= sizeof(off_t),
646 "off_t fits in a long long");
647
648 errno(*__errno_location ()) = 0;
649
650 val = strtoull(ptr, end, 10);
651 if (UNLIKELY(val == 0 && *end == ptr)__builtin_expect(((val == 0 && *end == ptr)), (0)))
652 return false0;
653 if (UNLIKELY(errno != 0)__builtin_expect((((*__errno_location ()) != 0)), (0)))
654 return false0;
655 if (UNLIKELY(val > OFF_MAX)__builtin_expect(((val > 9223372036854775807LL)), (0)))
656 return false0;
657
658 *off = (off_t)val;
659 return true1;
660}
661
662static void
663parse_range(struct lwan_request_parser_helper *helper)
664{
665 if (UNLIKELY(helper->range.raw.len <= (sizeof("bytes=") - 1))__builtin_expect(((helper->range.raw.len <= (sizeof("bytes="
) - 1))), (0)))
666 return;
667
668 char *range = helper->range.raw.value;
669 if (UNLIKELY(strncmp(range, "bytes=", sizeof("bytes=") - 1))__builtin_expect(((strncmp(range, "bytes=", sizeof("bytes=") -
1))), (0)))
670 return;
671
672 range += sizeof("bytes=") - 1;
673
674 off_t from, to;
675 char *end;
676
677 if (*range == '-') {
678 from = 0;
679
680 if (!parse_off_without_sign(range + 1, &end, &to))
681 goto invalid_range;
682 if (*end != '\0')
683 goto invalid_range;
684 } else if (lwan_char_isdigit(*range)) {
685 if (!parse_off_without_sign(range, &end, &from))
686 goto invalid_range;
687 if (*end != '-')
688 goto invalid_range;
689
690 range = end + 1;
691 if (*range == '\0') {
692 to = -1;
693 } else {
694 if (!parse_off_without_sign(range, &end, &to))
695 goto invalid_range;
696 if (*end != '\0')
697 goto invalid_range;
698 }
699 } else {
700invalid_range:
701 to = from = -1;
702 }
703
704 helper->range.from = from;
705 helper->range.to = to;
706}
707
708static void
709parse_accept_encoding(struct lwan_request *request)
710{
711 struct lwan_request_parser_helper *helper = request->helper;
712
713 if (!helper->accept_encoding.len)
714 return;
715
716 for (const char *p = helper->accept_encoding.value; *p; p++) {
717 STRING_SWITCH(p)switch (string_as_uint32(p)) {
718 case STR4_INT('d','e','f','l')((uint32_t)(('d') | ('e') << 8 | ('f') << 16 | ('l'
) << 24)):
719 case STR4_INT(' ','d','e','f')((uint32_t)((' ') | ('d') << 8 | ('e') << 16 | ('f'
) << 24)):
720 request->flags |= REQUEST_ACCEPT_DEFLATE;
721 break;
722 case STR4_INT('g','z','i','p')((uint32_t)(('g') | ('z') << 8 | ('i') << 16 | ('p'
) << 24)):
723 case STR4_INT(' ','g','z','i')((uint32_t)((' ') | ('g') << 8 | ('z') << 16 | ('i'
) << 24)):
724 request->flags |= REQUEST_ACCEPT_GZIP;
725 break;
726#if defined(LWAN_HAVE_ZSTD)
727 case STR4_INT('z','s','t','d')((uint32_t)(('z') | ('s') << 8 | ('t') << 16 | ('d'
) << 24)):
728 case STR4_INT(' ','z','s','t')((uint32_t)((' ') | ('z') << 8 | ('s') << 16 | ('t'
) << 24)):
729 request->flags |= REQUEST_ACCEPT_ZSTD;
730 break;
731#endif
732#if defined(LWAN_HAVE_BROTLI)
733 default:
734 while (lwan_char_isspace(*p))
735 p++;
736
737 STRING_SWITCH_SMALL(p)switch (string_as_uint16(p)) {
738 case STR2_INT('b', 'r')((uint16_t)(('b') | ('r') << 8)):
739 request->flags |= REQUEST_ACCEPT_BROTLI;
740 break;
741 }
742#endif
743 }
744
745 if (!(p = strchr(p, ',')))
746 break;
747 }
748}
749
750static ALWAYS_INLINEinline __attribute__((always_inline)) char *
751ignore_leading_whitespace(char *buffer)
752{
753 while (lwan_char_isspace(*buffer))
754 buffer++;
755 return buffer;
756}
757
758static ALWAYS_INLINEinline __attribute__((always_inline)) void parse_connection_header(struct lwan_request *request)
759{
760 struct lwan_request_parser_helper *helper = request->helper;
761 bool_Bool has_keep_alive = false0;
762 bool_Bool has_close = false0;
763
764 if (!helper->connection.len)
765 goto out;
766
767 for (const char *p = helper->connection.value; *p; p++) {
768 STRING_SWITCH_L(p)switch (((string_as_uint32(p)) | (uint32_t)0x20202020)) {
769 case STR4_INT_L('k','e','e','p')((((uint32_t)(('k') | ('e') << 8 | ('e') << 16 | (
'p') << 24))) | (uint32_t)0x20202020):
770 case STR4_INT_L(' ', 'k','e','e')((((uint32_t)((' ') | ('k') << 8 | ('e') << 16 | (
'e') << 24))) | (uint32_t)0x20202020):
771 has_keep_alive = true1;
772 break;
773 case STR4_INT_L('c','l','o','s')((((uint32_t)(('c') | ('l') << 8 | ('o') << 16 | (
's') << 24))) | (uint32_t)0x20202020):
774 case STR4_INT_L(' ', 'c','l','o')((((uint32_t)((' ') | ('c') << 8 | ('l') << 16 | (
'o') << 24))) | (uint32_t)0x20202020):
775 has_close = true1;
776 break;
777 case STR4_INT_L('u','p','g','r')((((uint32_t)(('u') | ('p') << 8 | ('g') << 16 | (
'r') << 24))) | (uint32_t)0x20202020):
778 case STR4_INT_L(' ', 'u','p','g')((((uint32_t)((' ') | ('u') << 8 | ('p') << 16 | (
'g') << 24))) | (uint32_t)0x20202020):
779 request->conn->flags |= CONN_IS_UPGRADE;
780 break;
781 }
782
783 if (!(p = strchr(p, ',')))
784 break;
785 }
786
787out:
788 if (LIKELY(!(request->flags & REQUEST_IS_HTTP_1_0))__builtin_expect((!!(!(request->flags & REQUEST_IS_HTTP_1_0
))), (1)))
789 has_keep_alive = !has_close;
790
791 if (has_keep_alive) {
792 request->conn->flags |= CONN_IS_KEEP_ALIVE;
793 } else {
794 request->conn->flags &=
795 ~(CONN_IS_KEEP_ALIVE | CONN_SENT_CONNECTION_HEADER);
796 }
797}
798
799#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
800static void save_to_corpus_for_fuzzing(struct lwan_value buffer)
801{
802 struct lwan_value buffer_copy;
803 char corpus_name[PATH_MAX4096];
804 const char *crlfcrlf;
805 int fd;
806
807 if (!(crlfcrlf = memmem(buffer.value, buffer.len, "\r\n\r\n", 4)))
808 return;
809 buffer.len = (size_t)(crlfcrlf - buffer.value + 4);
810
811try_another_file_name:
812 buffer_copy = buffer;
813
814 snprintf(corpus_name, sizeof(corpus_name), "corpus-request-%d", rand());
815
816 fd = open(corpus_name, O_WRONLY01 | O_CLOEXEC02000000 | O_CREAT0100 | O_EXCL0200, 0644);
817 if (fd < 0)
818 goto try_another_file_name;
819
820 while (buffer_copy.len) {
821 ssize_t r = write(fd, buffer_copy.value, buffer_copy.len);
822
823 if (r < 0) {
824 if (errno(*__errno_location ()) == EAGAIN11 || errno(*__errno_location ()) == EINTR4)
825 continue;
826
827 close(fd);
828 unlink(corpus_name);
829 goto try_another_file_name;
830 }
831
832 buffer_copy.value += r;
833 buffer_copy.len -= r;
834 }
835
836 close(fd);
837 lwan_status_debug("Request saved to %s", corpus_name)lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 837, __FUNCTION__, "Request saved to %s", corpus_name);
838}
839#endif
840
841static enum lwan_http_status
842client_read(struct lwan_request *request,
843 struct lwan_value *buffer,
844 const size_t want_to_read,
845 enum lwan_read_finalizer (*finalizer)(const struct lwan_value *buffer,
846 size_t want_to_read,
847 const struct lwan_request *request,
848 int n_packets))
849{
850 struct lwan_request_parser_helper *helper = request->helper;
851 int n_packets = 0;
852
853 if (helper->next_request) {
854 const size_t next_request_len = (size_t)(helper->next_request - buffer->value);
855 size_t new_len;
856
857 if (__builtin_sub_overflow(buffer->len, next_request_len, &new_len)) {
858 helper->next_request = NULL((void*)0);
859 } else if (new_len) {
860 /* FIXME: This memmove() could be eventually removed if a better
861 * stucture (maybe a ringbuffer, reading with readv(), and each
862 * pointer is coro_strdup() if they wrap around?) were used for
863 * the request buffer. */
864 buffer->len = new_len;
865 memmove(buffer->value, helper->next_request, new_len);
866 goto try_to_finalize;
867 }
868 }
869
870 for (buffer->len = 0;; n_packets++) {
871 size_t to_read = (size_t)(want_to_read - buffer->len);
872
873 if (UNLIKELY(to_read == 0)__builtin_expect(((to_read == 0)), (0)))
874 return HTTP_TOO_LARGE;
875
876 ssize_t n = recv(request->fd, buffer->value + buffer->len, to_read, 0);
877 if (UNLIKELY(n <= 0)__builtin_expect(((n <= 0)), (0))) {
878 if (n < 0) {
879 switch (errno(*__errno_location ())) {
880 case EINTR4:
881 case EAGAIN11:
882yield_and_read_again:
883 coro_yield(request->conn->coro, CONN_CORO_WANT_READ);
884 continue;
885 }
886
887 /* Unexpected error before reading anything */
888 if (UNLIKELY(!buffer->len)__builtin_expect(((!buffer->len)), (0)))
889 return HTTP_BAD_REQUEST;
890 }
891
892 /* Client shut down orderly (n = 0), or unrecoverable error (n < 0);
893 * shut down coro. */
894 break;
895 }
896
897 buffer->len += (size_t)n;
898
899try_to_finalize:
900 switch (finalizer(buffer, want_to_read, request, n_packets)) {
901 case FINALIZER_DONE:
902 buffer->value[buffer->len] = '\0';
903#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
904 save_to_corpus_for_fuzzing(*buffer);
905#endif
906 return HTTP_OK;
907
908 case FINALIZER_TRY_AGAIN:
909 goto yield_and_read_again;
910
911 case FINALIZER_TIMEOUT:
912 return HTTP_TIMEOUT;
913 }
914 }
915
916 coro_yield(request->conn->coro, CONN_CORO_ABORT);
917 __builtin_unreachable();
918 return HTTP_INTERNAL_ERROR;
919}
920
921static enum lwan_read_finalizer
922read_request_finalizer_from_helper(const struct lwan_value *buffer,
923 struct lwan_request_parser_helper *helper,
924 int n_packets,
925 bool_Bool allow_proxy_reqs)
926{
927 static const size_t min_proxied_request_size =
928 MIN_REQUEST_SIZE(sizeof("GET / HTTP/1.1\r\n\r\n") - 1) + sizeof(struct proxy_header_v2);
929
930 if (LIKELY(buffer->len >= MIN_REQUEST_SIZE)__builtin_expect((!!(buffer->len >= (sizeof("GET / HTTP/1.1\r\n\r\n"
) - 1))), (1))) {
931 STRING_SWITCH (buffer->value + buffer->len - 4)switch (string_as_uint32(buffer->value + buffer->len - 4
)) {
932 case STR4_INT('\r', '\n', '\r', '\n')((uint32_t)(('\r') | ('\n') << 8 | ('\r') << 16 |
('\n') << 24)):
933 return FINALIZER_DONE;
934 }
935 }
936
937 char *crlfcrlf = memmem(buffer->value, buffer->len, "\r\n\r\n", 4);
938 if (LIKELY(crlfcrlf)__builtin_expect((!!(crlfcrlf)), (1))) {
939 if (LIKELY(helper->next_request)__builtin_expect((!!(helper->next_request)), (1))) {
940 helper->next_request = NULL((void*)0);
941 return FINALIZER_DONE;
942 }
943
944 const size_t crlfcrlf_to_base = (size_t)(crlfcrlf - buffer->value);
945 if (crlfcrlf_to_base >= MIN_REQUEST_SIZE(sizeof("GET / HTTP/1.1\r\n\r\n") - 1) - 4)
946 return FINALIZER_DONE;
947
948 if (buffer->len > min_proxied_request_size && allow_proxy_reqs) {
949 /* FIXME: Checking for PROXYv2 protocol header here is a layering
950 * violation. */
951 STRING_SWITCH_LARGE (crlfcrlf + 4)switch (string_as_uint64(crlfcrlf + 4)) {
952 case STR8_INT(0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, 0x54, 0x0a)((uint64_t)((uint32_t)((0x00) | (0x0d) << 8 | (0x0a) <<
16 | (0x51) << 24)) | (uint64_t)((uint32_t)((0x55) | (
0x49) << 8 | (0x54) << 16 | (0x0a) << 24)) <<
32):
953 return FINALIZER_DONE;
954 }
955 }
956 }
957
958 /* Yield a timeout error to avoid clients being intentionally slow and
959 * hogging the server. (Clients can't only connect and do nothing, they
960 * need to send data, otherwise the timeout queue timer will kick in and
961 * close the connection. Limit the number of packets to avoid them sending
962 * just a byte at a time.) See lwan_calculate_n_packets() to see how this is
963 * calculated. */
964 if (UNLIKELY(n_packets > helper->error_when_n_packets)__builtin_expect(((n_packets > helper->error_when_n_packets
)), (0)))
965 return FINALIZER_TIMEOUT;
966
967 return FINALIZER_TRY_AGAIN;
968}
969
970static inline enum lwan_read_finalizer
971read_request_finalizer(const struct lwan_value *buffer,
972 size_t want_to_read __attribute__((unused)),
973 const struct lwan_request *request,
974 int n_packets)
975{
976 return read_request_finalizer_from_helper(
977 buffer, request->helper, n_packets,
978 request->flags & REQUEST_ALLOW_PROXY_REQS);
979}
980
981static ALWAYS_INLINEinline __attribute__((always_inline)) enum lwan_http_status
982read_request(struct lwan_request *request)
983{
984 return client_read(request, request->helper->buffer,
985 DEFAULT_BUFFER_SIZE4096 - 1 /* -1 for NUL byte */,
986 read_request_finalizer);
987}
988
989static enum lwan_read_finalizer
990body_data_finalizer(const struct lwan_value *buffer,
991 size_t want_to_read,
992 const struct lwan_request *request,
993 int n_packets)
994{
995 const struct lwan_request_parser_helper *helper = request->helper;
996
997 if (want_to_read == buffer->len)
998 return FINALIZER_DONE;
999
1000 /* For POST requests, the body can be larger, and due to small MTUs on
1001 * most ethernet connections, responding with a timeout solely based on
1002 * number of packets doesn't work. Use keepalive timeout instead. */
1003 if (UNLIKELY(time(NULL) > helper->error_when_time)__builtin_expect(((time(((void*)0)) > helper->error_when_time
)), (0)))
1004 return FINALIZER_TIMEOUT;
1005
1006 /* In addition to time, also estimate the number of packets based on an
1007 * usual MTU value and the request body size. */
1008 if (UNLIKELY(n_packets > helper->error_when_n_packets)__builtin_expect(((n_packets > helper->error_when_n_packets
)), (0)))
1009 return FINALIZER_TIMEOUT;
1010
1011 return FINALIZER_TRY_AGAIN;
1012}
1013
1014static const char *is_dir(const char *v)
1015{
1016 struct stat st;
1017
1018 if (!v)
1019 return NULL((void*)0);
1020
1021 if (*v != '/')
1022 return NULL((void*)0);
1023
1024 if (stat(v, &st) < 0)
1025 return NULL((void*)0);
1026
1027 if (!S_ISDIR(st.st_mode)((((st.st_mode)) & 0170000) == (0040000)))
1028 return NULL((void*)0);
1029
1030 if (!(st.st_mode & S_ISVTX01000)) {
1031 lwan_status_warning(lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1034, __FUNCTION__, "Using %s as temporary directory, but it doesn't have "
"the sticky bit set.", v)
1032 "Using %s as temporary directory, but it doesn't have "lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1034, __FUNCTION__, "Using %s as temporary directory, but it doesn't have "
"the sticky bit set.", v)
1033 "the sticky bit set.",lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1034, __FUNCTION__, "Using %s as temporary directory, but it doesn't have "
"the sticky bit set.", v)
1034 v)lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1034, __FUNCTION__, "Using %s as temporary directory, but it doesn't have "
"the sticky bit set.", v);
1035 }
1036
1037 return v;
1038}
1039
1040static const char *is_dir_good_for_tmp(const char *v)
1041{
1042 struct statfs sb;
1043
1044 v = is_dir(v);
1045 if (!v)
1046 return NULL((void*)0);
1047
1048 if (!statfs(v, &sb) && sb.f_type == TMPFS_MAGIC0x01021994) {
1049 lwan_status_warning("%s is a tmpfs filesystem, "lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1050, __FUNCTION__, "%s is a tmpfs filesystem, " "not considering it"
, v)
1050 "not considering it", v)lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1050, __FUNCTION__, "%s is a tmpfs filesystem, " "not considering it"
, v);
1051 return NULL((void*)0);
1052 }
1053
1054 return v;
1055}
1056
1057static const char *temp_dir;
1058static const size_t body_buffer_temp_file_thresh = 1<<20;
1059
1060static const char *
1061get_temp_dir(void)
1062{
1063 const char *tmpdir;
1064
1065 tmpdir = is_dir_good_for_tmp(secure_getenv("TMPDIR"));
1066 if (tmpdir)
1067 return tmpdir;
1068
1069 tmpdir = is_dir_good_for_tmp(secure_getenv("TMP"));
1070 if (tmpdir)
1071 return tmpdir;
1072
1073 tmpdir = is_dir_good_for_tmp(secure_getenv("TEMP"));
1074 if (tmpdir)
1075 return tmpdir;
1076
1077 tmpdir = is_dir_good_for_tmp("/var/tmp");
1078 if (tmpdir)
1079 return tmpdir;
1080
1081 tmpdir = is_dir_good_for_tmp(P_tmpdir"/tmp");
1082 if (tmpdir)
1083 return tmpdir;
1084
1085 lwan_status_warning("Temporary directory could not be determined. POST "lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1087, __FUNCTION__, "Temporary directory could not be determined. POST "
"or PUT requests over %zu bytes bytes will fail.", body_buffer_temp_file_thresh
)
1086 "or PUT requests over %zu bytes bytes will fail.",lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1087, __FUNCTION__, "Temporary directory could not be determined. POST "
"or PUT requests over %zu bytes bytes will fail.", body_buffer_temp_file_thresh
)
1087 body_buffer_temp_file_thresh)lwan_status_warning_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1087, __FUNCTION__, "Temporary directory could not be determined. POST "
"or PUT requests over %zu bytes bytes will fail.", body_buffer_temp_file_thresh
);
1088 return NULL((void*)0);
1089}
1090
1091__attribute__((constructor)) static void initialize_temp_dir(void)
1092{
1093 temp_dir = get_temp_dir();
1094}
1095
1096static int create_temp_file(void)
1097{
1098 char template[PATH_MAX4096];
1099 mode_t prev_mask;
1100 int ret;
1101
1102 if (UNLIKELY(!temp_dir)__builtin_expect(((!temp_dir)), (0)))
1103 return -ENOENT2;
1104
1105#if defined(O_TMPFILE(020000000 | 0200000))
1106 int fd = open(temp_dir,
1107 O_TMPFILE(020000000 | 0200000) | O_CREAT0100 | O_RDWR02 | O_EXCL0200 | O_CLOEXEC02000000 |
1108 O_NOFOLLOW0400000 | O_NOATIME01000000,
1109 S_IRUSR0400 | S_IWUSR0200);
1110 if (LIKELY(fd >= 0)__builtin_expect((!!(fd >= 0)), (1)))
1111 return fd;
1112#endif
1113
1114 ret = snprintf(template, sizeof(template), "%s/lwanXXXXXX", temp_dir);
1115 if (UNLIKELY(ret < 0 || ret >= (int)sizeof(template))__builtin_expect(((ret < 0 || ret >= (int)sizeof(template
))), (0)))
1116 return -EOVERFLOW75;
1117
1118 prev_mask = umask_for_tmpfile(S_IRUSR | S_IWUSR)({ (void)(0400 | 0200); 0U; });
1119 ret = mkostemp(template, O_CLOEXEC02000000);
1120 umask_for_tmpfile(prev_mask)({ (void)(prev_mask); 0U; });
1121
1122 if (LIKELY(ret >= 0)__builtin_expect((!!(ret >= 0)), (1)))
1123 unlink(template);
1124
1125 return ret;
1126}
1127
1128struct file_backed_buffer {
1129 void *ptr;
1130 size_t size;
1131};
1132
1133static void
1134free_body_buffer(void *data)
1135{
1136 struct file_backed_buffer *buf = data;
1137
1138 munmap(buf->ptr, buf->size);
1139 free(buf);
1140}
1141
1142static void*
1143alloc_body_buffer(struct coro *coro, size_t size, bool_Bool allow_file)
1144{
1145 struct file_backed_buffer *buf;
1146 void *ptr = (void *)MAP_FAILED((void *) -1);
1147 int fd;
1148
1149 if (LIKELY(size < body_buffer_temp_file_thresh)__builtin_expect((!!(size < body_buffer_temp_file_thresh))
, (1))) {
1150 ptr = coro_malloc(coro, size);
1151
1152 if (LIKELY(ptr)__builtin_expect((!!(ptr)), (1)))
1153 return ptr;
1154 }
1155
1156 if (UNLIKELY(!allow_file)__builtin_expect(((!allow_file)), (0)))
1157 return NULL((void*)0);
1158
1159 fd = create_temp_file();
1160 if (UNLIKELY(fd < 0)__builtin_expect(((fd < 0)), (0)))
1161 return NULL((void*)0);
1162
1163 if (UNLIKELY(ftruncate(fd, (off_t)size) < 0)__builtin_expect(((ftruncate(fd, (off_t)size) < 0)), (0))) {
1164 close(fd);
1165 return NULL((void*)0);
1166 }
1167
1168 if (MAP_HUGETLB0x40000) {
1169 ptr = mmap(NULL((void*)0), size, PROT_READ0x1 | PROT_WRITE0x2,
1170 MAP_SHARED0x01 | MAP_HUGETLB0x40000, fd, 0);
1171 }
1172 if (UNLIKELY(ptr == MAP_FAILED)__builtin_expect(((ptr == ((void *) -1))), (0)))
1173 ptr = mmap(NULL((void*)0), size, PROT_READ0x1 | PROT_WRITE0x2, MAP_SHARED0x01, fd, 0);
1174 close(fd);
1175 if (UNLIKELY(ptr == MAP_FAILED)__builtin_expect(((ptr == ((void *) -1))), (0)))
1176 return NULL((void*)0);
1177
1178 buf = coro_malloc_full(coro, sizeof(*buf), free_body_buffer);
1179 if (UNLIKELY(!buf)__builtin_expect(((!buf)), (0))) {
1180 munmap(ptr, size);
1181 return NULL((void*)0);
1182 }
1183
1184 buf->ptr = ptr;
1185 buf->size = size;
1186 return ptr;
1187}
1188
1189static enum lwan_http_status
1190get_remaining_body_data_length(struct lwan_request *request,
1191 const size_t max_size,
1192 size_t *total,
1193 size_t *have)
1194{
1195 struct lwan_request_parser_helper *helper = request->helper;
1196 long long parsed_size;
1197
1198 if (UNLIKELY(!helper->content_length.value)__builtin_expect(((!helper->content_length.value)), (0)))
1199 return HTTP_BAD_REQUEST;
1200
1201 parsed_size = parse_long_long(helper->content_length.value, -1);
1202 if (UNLIKELY(parsed_size < 0)__builtin_expect(((parsed_size < 0)), (0)))
1203 return HTTP_BAD_REQUEST;
1204 if (UNLIKELY((size_t)parsed_size >= max_size)__builtin_expect((((size_t)parsed_size >= max_size)), (0)))
1205 return HTTP_TOO_LARGE;
1206 if (UNLIKELY(!parsed_size)__builtin_expect(((!parsed_size)), (0)))
1207 return HTTP_OK;
1208
1209 *total = (size_t)parsed_size;
1210
1211 if (!helper->next_request) {
1212 *have = 0;
1213 return HTTP_PARTIAL_CONTENT;
1214 }
1215
1216 char *buffer_end = helper->buffer->value + helper->buffer->len;
1217
1218 *have = (size_t)(buffer_end - helper->next_request);
1219
1220 if (*have < *total)
1221 return HTTP_PARTIAL_CONTENT;
1222
1223 helper->body_data.value = helper->next_request;
1224 helper->body_data.len = *total;
1225 helper->next_request += *total;
1226 return HTTP_OK;
1227}
1228
1229static int read_body_data(struct lwan_request *request)
1230{
1231 /* Holy indirection, Batman! */
1232 const struct lwan_config *config = &request->conn->thread->lwan->config;
1233 struct lwan_request_parser_helper *helper = request->helper;
1234 enum lwan_http_status status;
1235 size_t total, have, max_data_size;
1236 bool_Bool allow_temp_file;
1237 char *new_buffer;
1238
1239 switch (lwan_request_get_method(request)) {
1240 case REQUEST_METHOD_POST:
1241 allow_temp_file = config->allow_post_temp_file;
1242 max_data_size = config->max_post_data_size;
1243 break;
1244 case REQUEST_METHOD_PUT:
1245 allow_temp_file = config->allow_put_temp_file;
1246 max_data_size = config->max_put_data_size;
1247 break;
1248 default:
1249 return -HTTP_NOT_ALLOWED;
1250 }
1251
1252 status =
1253 get_remaining_body_data_length(request, max_data_size, &total, &have);
1254 if (status != HTTP_PARTIAL_CONTENT)
1255 return -(int)status;
1256
1257 new_buffer =
1258 alloc_body_buffer(request->conn->coro, total + 1, allow_temp_file);
1259 if (UNLIKELY(!new_buffer)__builtin_expect(((!new_buffer)), (0)))
1260 return -HTTP_INTERNAL_ERROR;
1261
1262 if (!(request->flags & REQUEST_IS_HTTP_1_0)) {
1263 /* §8.2.3 https://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html */
1264 const char *expect = lwan_request_get_header(request, "Expect");
1265
1266 if (expect && strncmp(expect, "100-", 4) == 0) {
1267 static const char continue_header[] = "HTTP/1.1 100 Continue\r\n\r\n";
1268
1269 lwan_send(request, continue_header, sizeof(continue_header) - 1, 0);
1270 }
1271 }
1272
1273 helper->body_data.value = new_buffer;
1274 helper->body_data.len = total;
1275 if (have) {
1276 new_buffer = mempcpy(new_buffer, helper->next_request, have);
1277 total -= have;
1278 }
1279 helper->next_request = NULL((void*)0);
1280
1281 helper->error_when_time = time(NULL((void*)0)) + config->keep_alive_timeout;
1282 helper->error_when_n_packets = lwan_calculate_n_packets(total);
1283
1284 struct lwan_value buffer = {.value = new_buffer, .len = total};
1285 return (int)client_read(request, &buffer, total, body_data_finalizer);
1286}
1287
1288static char *
1289parse_proxy_protocol(struct lwan_request *request, char *buffer)
1290{
1291 STRING_SWITCH(buffer)switch (string_as_uint32(buffer)) {
1292 case STR4_INT('P','R','O','X')((uint32_t)(('P') | ('R') << 8 | ('O') << 16 | ('X'
) << 24)):
1293 return parse_proxy_protocol_v1(request, buffer);
1294 case STR4_INT('\x0D','\x0A','\x0D','\x0A')((uint32_t)(('\x0D') | ('\x0A') << 8 | ('\x0D') <<
16 | ('\x0A') << 24)):
1295 return parse_proxy_protocol_v2(request, buffer);
1296 }
1297
1298 return buffer;
1299}
1300
1301static enum lwan_http_status parse_http_request(struct lwan_request *request)
1302{
1303 struct lwan_request_parser_helper *helper = request->helper;
1304 char *buffer = helper->buffer->value;
1305
1306 if (request->flags & REQUEST_ALLOW_PROXY_REQS) {
1307 /* REQUEST_ALLOW_PROXY_REQS will be cleared in lwan_process_request() */
1308
1309 buffer = parse_proxy_protocol(request, buffer);
1310 if (UNLIKELY(!buffer)__builtin_expect(((!buffer)), (0)))
1311 return HTTP_BAD_REQUEST;
1312 }
1313
1314 buffer = ignore_leading_whitespace(buffer);
1315
1316 if (UNLIKELY(buffer > helper->buffer->value + helper->buffer->len -__builtin_expect(((buffer > helper->buffer->value + helper
->buffer->len - (sizeof("GET / HTTP/1.1\r\n\r\n") - 1))
), (0))
1317 MIN_REQUEST_SIZE)__builtin_expect(((buffer > helper->buffer->value + helper
->buffer->len - (sizeof("GET / HTTP/1.1\r\n\r\n") - 1))
), (0)))
1318 return HTTP_BAD_REQUEST;
1319
1320 char *path = identify_http_method(request, buffer);
1321 if (UNLIKELY(!path)__builtin_expect(((!path)), (0)))
1322 return HTTP_NOT_ALLOWED;
1323
1324 buffer = identify_http_path(request, path);
1325 if (UNLIKELY(!buffer)__builtin_expect(((!buffer)), (0)))
1326 return HTTP_BAD_REQUEST;
1327
1328 if (UNLIKELY(!parse_headers(helper, buffer))__builtin_expect(((!parse_headers(helper, buffer))), (0)))
1329 return HTTP_BAD_REQUEST;
1330
1331 ssize_t decoded_len = url_decode(request->url.value);
1332 if (UNLIKELY(decoded_len < 0)__builtin_expect(((decoded_len < 0)), (0)))
1333 return HTTP_BAD_REQUEST;
1334 request->original_url.len = request->url.len = (size_t)decoded_len;
1335
1336 parse_connection_header(request);
1337
1338 return HTTP_OK;
1339}
1340
1341static enum lwan_http_status
1342prepare_websocket_handshake(struct lwan_request *request, char **encoded)
1343{
1344 static const unsigned char websocket_uuid[] =
1345 "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
1346 unsigned char digest[20];
1347 sha1_context ctx;
1348
1349 if (UNLIKELY(request->flags & RESPONSE_SENT_HEADERS)__builtin_expect(((request->flags & RESPONSE_SENT_HEADERS
)), (0)))
1350 return HTTP_INTERNAL_ERROR;
1351
1352 if (UNLIKELY(!(request->conn->flags & CONN_IS_UPGRADE))__builtin_expect(((!(request->conn->flags & CONN_IS_UPGRADE
))), (0)))
1353 return HTTP_BAD_REQUEST;
1354
1355 const char *upgrade = lwan_request_get_header(request, "Upgrade");
1356 if (UNLIKELY(!upgrade || !streq(upgrade, "websocket"))__builtin_expect(((!upgrade || !streq(upgrade, "websocket")))
, (0)))
1357 return HTTP_BAD_REQUEST;
1358
1359 const char *sec_websocket_key =
1360 lwan_request_get_header(request, "Sec-WebSocket-Key");
1361 if (UNLIKELY(!sec_websocket_key)__builtin_expect(((!sec_websocket_key)), (0)))
1362 return HTTP_BAD_REQUEST;
1363
1364 const size_t sec_websocket_key_len = strlen(sec_websocket_key);
1365 if (base64_encoded_len(16) != sec_websocket_key_len)
1366 return HTTP_BAD_REQUEST;
1367 if (UNLIKELY(!base64_validate((void *)sec_websocket_key, sec_websocket_key_len))__builtin_expect(((!base64_validate((void *)sec_websocket_key
, sec_websocket_key_len))), (0)))
1368 return HTTP_BAD_REQUEST;
1369
1370 sha1_init(&ctx);
1371 sha1_update(&ctx, (void *)sec_websocket_key, sec_websocket_key_len);
1372 sha1_update(&ctx, websocket_uuid, sizeof(websocket_uuid) - 1);
1373 sha1_finalize(&ctx, digest);
1374
1375 *encoded = (char *)base64_encode(digest, sizeof(digest), NULL((void*)0));
1376 return LIKELY(*encoded)__builtin_expect((!!(*encoded)), (1)) ? HTTP_SWITCHING_PROTOCOLS : HTTP_INTERNAL_ERROR;
1377}
1378
1379enum lwan_http_status
1380lwan_request_websocket_upgrade(struct lwan_request *request)
1381{
1382 char header_buf[DEFAULT_HEADERS_SIZE2048];
1383 size_t header_buf_len;
1384 char *encoded;
1385
1386 enum lwan_http_status r = prepare_websocket_handshake(request, &encoded);
1387 if (r != HTTP_SWITCHING_PROTOCOLS)
1388 return r;
1389
1390 request->flags |= RESPONSE_NO_CONTENT_LENGTH;
1391 header_buf_len = lwan_prepare_response_header_full(
1392 request, HTTP_SWITCHING_PROTOCOLS, header_buf, sizeof(header_buf),
1393 (struct lwan_key_value[]){
1394 /* Connection: Upgrade is implicit if conn->flags & CONN_IS_UPGRADE */
1395 {.key = "Sec-WebSocket-Accept", .value = encoded},
1396 {.key = "Upgrade", .value = "websocket"},
1397 {},
1398 });
1399 free(encoded);
1400 if (UNLIKELY(!header_buf_len)__builtin_expect(((!header_buf_len)), (0)))
1401 return HTTP_INTERNAL_ERROR;
1402
1403 request->conn->flags |= CONN_IS_WEBSOCKET;
1404 lwan_send(request, header_buf, header_buf_len, 0);
1405
1406 return HTTP_SWITCHING_PROTOCOLS;
1407}
1408
1409static inline bool_Bool request_has_body(const struct lwan_request *request)
1410{
1411 /* 3rd bit set in method: request method has body. See lwan.h,
1412 * definition of FOR_EACH_REQUEST_METHOD() for more info. */
1413 return lwan_request_get_method(request) & 1 << 3;
1414}
1415
1416static enum lwan_http_status
1417maybe_read_body_data(const struct lwan_url_map *url_map,
1418 struct lwan_request *request)
1419{
1420 int status = 0;
1421
1422 if (url_map->flags & HANDLER_EXPECTS_BODY_DATA) {
1423 status = read_body_data(request);
1424 if (status > 0)
1425 return (enum lwan_http_status)status;
1426 }
1427
1428 /* Instead of trying to read the body here, which will require
1429 * us to allocate and read potentially a lot of bytes, force
1430 * this connection to be closed as soon as we send a "not allowed"
1431 * response. */
1432 request->conn->flags &= ~CONN_IS_KEEP_ALIVE;
1433
1434 if (status < 0) {
1435 status = -status;
1436 return (enum lwan_http_status)status;
1437 }
1438
1439 return HTTP_NOT_ALLOWED;
1440}
1441
1442static enum lwan_http_status prepare_for_response(const struct lwan_url_map *url_map,
1443 struct lwan_request *request)
1444{
1445 request->url.value += url_map->prefix_len;
1446 request->url.len -= url_map->prefix_len;
1447 while (*request->url.value == '/' && request->url.len > 0) {
1448 request->url.value++;
1449 request->url.len--;
1450 }
1451
1452 if (UNLIKELY(url_map->flags & HANDLER_MUST_AUTHORIZE)__builtin_expect(((url_map->flags & HANDLER_MUST_AUTHORIZE
)), (0))) {
1453 if (!lwan_http_authorize_urlmap(request, url_map))
1454 return HTTP_NOT_AUTHORIZED;
1455 }
1456
1457 if (UNLIKELY(request_has_body(request))__builtin_expect(((request_has_body(request))), (0)))
1458 return maybe_read_body_data(url_map, request);
1459
1460 return HTTP_OK;
1461}
1462
1463static bool_Bool handle_rewrite(struct lwan_request *request)
1464{
1465 struct lwan_request_parser_helper *helper = request->helper;
1466
1467 request->flags &= ~RESPONSE_URL_REWRITTEN;
1468
1469 find_query_string(request, request->url.value + request->url.len);
1470
1471 helper->urls_rewritten++;
1472 if (UNLIKELY(helper->urls_rewritten > 4)__builtin_expect(((helper->urls_rewritten > 4)), (0))) {
1473 lwan_default_response(request, HTTP_INTERNAL_ERROR);
1474 return false0;
1475 }
1476
1477 return true1;
1478}
1479
1480const char *lwan_request_get_method_str(const struct lwan_request *request)
1481{
1482#define GENERATE_CASE_STMT(upper, lower, mask, constant, probability) \
1483 case REQUEST_METHOD_##upper: \
1484 return #upper;
1485
1486 switch (lwan_request_get_method(request)) {
1487 FOR_EACH_REQUEST_METHOD(GENERATE_CASE_STMT)GENERATE_CASE_STMT(GET, get, (1 << 0), (((uint32_t)(('G'
) | ('E') << 8 | ('T') << 16 | (' ') << 24)
)), 0.6) GENERATE_CASE_STMT(POST, post, (1 << 3 | 1 <<
1 | 1 << 0), (((uint32_t)(('P') | ('O') << 8 | (
'S') << 16 | ('T') << 24))), 0.2) GENERATE_CASE_STMT
(HEAD, head, (1 << 1), (((uint32_t)(('H') | ('E') <<
8 | ('A') << 16 | ('D') << 24))), 0.2) GENERATE_CASE_STMT
(OPTIONS, options, (1 << 2), (((uint32_t)(('O') | ('P')
<< 8 | ('T') << 16 | ('I') << 24))), 0.1) GENERATE_CASE_STMT
(DELETE, delete, (1 << 1 | 1 << 2), (((uint32_t)(
('D') | ('E') << 8 | ('L') << 16 | ('E') <<
24))), 0.1) GENERATE_CASE_STMT(PUT, put, (1 << 3 | 1 <<
2 | 1 << 0), (((uint32_t)(('P') | ('U') << 8 | (
'T') << 16 | (' ') << 24))), 0.1)
1488 default:
1489 return "UNKNOWN";
1490 }
1491#undef GENERATE_CASE_STMT
1492}
1493
1494#ifndef NDEBUG
1495static void log_request(struct lwan_request *request,
1496 enum lwan_http_status status,
1497 double time_to_read_request,
1498 double time_to_process_request)
1499{
1500 char ip_buffer[INET6_ADDRSTRLEN46];
1501
1502 lwan_status_debug(lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
5
Calling 'lwan_request_get_remote_address'
1503 "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)",lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1504 lwan_request_get_remote_address(request, ip_buffer),lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1505 request->conn->thread->date.date, lwan_request_get_id(request),lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1506 lwan_request_get_method_str(request), request->original_url.value,lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1507 request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" : "1.1", status,lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1508 request->response.mime_type, time_to_read_request,lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request)
1509 time_to_process_request)lwan_status_debug_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1509, __FUNCTION__, "%s [%s] %016lx \"%s %s HTTP/%s\" %d %s (r:%.3fms p:%.3fms)"
, lwan_request_get_remote_address(request, ip_buffer), request
->conn->thread->date.date, lwan_request_get_id(request
), lwan_request_get_method_str(request), request->original_url
.value, request->flags & REQUEST_IS_HTTP_1_0 ? "1.0" :
"1.1", status, request->response.mime_type, time_to_read_request
, time_to_process_request);
1510}
1511#else
1512#define log_request(...)
1513#endif
1514
1515#ifndef NDEBUG
1516static struct timespec current_precise_monotonic_timespec(void)
1517{
1518 struct timespec now;
1519
1520 if (UNLIKELY(clock_gettime(CLOCK_MONOTONIC, &now) < 0)__builtin_expect(((clock_gettime(1, &now) < 0)), (0))) {
1521 lwan_status_perror("clock_gettime")lwan_status_perror_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1521, __FUNCTION__, "clock_gettime");
1522 return (struct timespec){};
1523 }
1524
1525 return now;
1526}
1527
1528static double elapsed_time_ms(const struct timespec then)
1529{
1530 const struct timespec now = current_precise_monotonic_timespec();
1531 struct timespec diff = {
1532 .tv_sec = now.tv_sec - then.tv_sec,
1533 .tv_nsec = now.tv_nsec - then.tv_nsec,
1534 };
1535
1536 if (diff.tv_nsec < 0) {
1537 diff.tv_sec--;
1538 diff.tv_nsec += 1000000000l;
1539 }
1540
1541 return (double)diff.tv_sec / 1000.0 + (double)diff.tv_nsec / 1000000.0;
1542}
1543#endif
1544
1545void lwan_process_request(struct lwan *l, struct lwan_request *request)
1546{
1547 enum lwan_http_status status;
1548 struct lwan_url_map *url_map;
1549
1550#ifndef NDEBUG
1551 struct timespec request_read_begin_time = current_precise_monotonic_timespec();
1552#endif
1553 status = read_request(request);
1554
1555#ifndef NDEBUG
1556 double time_to_read_request = elapsed_time_ms(request_read_begin_time);
1557
1558 struct timespec request_begin_time = current_precise_monotonic_timespec();
1559#endif
1560 if (UNLIKELY(status != HTTP_OK)__builtin_expect(((status != HTTP_OK)), (0))) {
1
Taking false branch
1561 /* If read_request() returns any error at this point, it's probably
1562 * better to just send an error response and abort the coroutine and
1563 * let the client handle the error instead: we don't have
1564 * information to even log the request because it has not been
1565 * parsed yet at this stage. Even if there are other requests waiting
1566 * in the pipeline, this seems like the safer thing to do. */
1567 request->conn->flags &= ~CONN_IS_KEEP_ALIVE;
1568 lwan_default_response(request, status);
1569 /* Let process_request_coro() gracefully close the connection. */
1570 return;
1571 }
1572
1573 status = parse_http_request(request);
1574 if (UNLIKELY(status != HTTP_OK)__builtin_expect(((status != HTTP_OK)), (0)))
2
Taking true branch
1575 goto log_and_return;
3
Control jumps to line 1598
1576
1577lookup_again:
1578 url_map = lwan_trie_lookup_prefix(&l->url_map_trie, request->url.value);
1579 if (UNLIKELY(!url_map)__builtin_expect(((!url_map)), (0))) {
1580 status = HTTP_NOT_FOUND;
1581 goto log_and_return;
1582 }
1583
1584 status = prepare_for_response(url_map, request);
1585 if (UNLIKELY(status != HTTP_OK)__builtin_expect(((status != HTTP_OK)), (0)))
1586 goto log_and_return;
1587
1588 status = url_map->handler(request, &request->response, url_map->data);
1589 if (UNLIKELY(url_map->flags & HANDLER_CAN_REWRITE_URL)__builtin_expect(((url_map->flags & HANDLER_CAN_REWRITE_URL
)), (0))) {
1590 if (request->flags & RESPONSE_URL_REWRITTEN) {
1591 if (LIKELY(handle_rewrite(request))__builtin_expect((!!(handle_rewrite(request))), (1)))
1592 goto lookup_again;
1593 return;
1594 }
1595 }
1596
1597log_and_return:
1598 lwan_response(request, status);
1599
1600 log_request(request, status, time_to_read_request, elapsed_time_ms(request_begin_time));
4
Calling 'log_request'
1601}
1602
1603static inline void *
1604value_lookup(const struct lwan_key_value_array *array, const char *key)
1605{
1606 const struct lwan_array *la = (const struct lwan_array *)array;
1607
1608 if (LIKELY(la->elements)__builtin_expect((!!(la->elements)), (1))) {
1609 struct lwan_key_value k = { .key = (char *)key };
1610 struct lwan_key_value *entry;
1611
1612 entry = bsearch(&k, la->base, la->elements, sizeof(k), key_value_compare);
1613 if (LIKELY(entry)__builtin_expect((!!(entry)), (1)))
1614 return entry->value;
1615 }
1616
1617 return NULL((void*)0);
1618}
1619
1620const char *lwan_request_get_query_param(struct lwan_request *request,
1621 const char *key)
1622{
1623 return value_lookup(lwan_request_get_query_params(request), key);
1624}
1625
1626const char *lwan_request_get_post_param(struct lwan_request *request,
1627 const char *key)
1628{
1629 return value_lookup(lwan_request_get_post_params(request), key);
1630}
1631
1632const char *lwan_request_get_cookie(struct lwan_request *request,
1633 const char *key)
1634{
1635 return value_lookup(lwan_request_get_cookies(request), key);
1636}
1637
1638const char *
1639lwan_request_get_header_from_helper(struct lwan_request_parser_helper *helper,
1640 const char *header)
1641{
1642 const size_t header_len = strlen(header);
1643 const size_t header_len_with_separator =
1644 header_len + HEADER_VALUE_SEPARATOR_LEN(sizeof(": ") - 1);
1645
1646 assert(strchr(header, ':') == NULL)((void) sizeof ((strchr(header, ':') == ((void*)0)) ? 1 : 0),
__extension__ ({ if (strchr(header, ':') == ((void*)0)) ; else
__assert_fail ("strchr(header, ':') == NULL", "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1646, __extension__ __PRETTY_FUNCTION__); }));
1647
1648 for (size_t i = 0; i < helper->n_header_start; i++) {
1649 const char *start = helper->header_start[i];
1650 char *end = helper->header_start[i + 1] - HEADER_TERMINATOR_LEN(sizeof("\r\n") - 1);
1651
1652 if (UNLIKELY((size_t)(end - start) < header_len_with_separator)__builtin_expect((((size_t)(end - start) < header_len_with_separator
)), (0)))
1653 continue;
1654
1655 STRING_SWITCH_SMALL (start + header_len)switch (string_as_uint16(start + header_len)) {
1656 case STR2_INT(':', ' ')((uint16_t)((':') | (' ') << 8)):
1657 if (!strncasecmp(start, header, header_len)) {
1658 *end = '\0';
1659 return start + header_len_with_separator;
1660 }
1661 }
1662 }
1663
1664 return NULL((void*)0);
1665}
1666
1667inline const char *lwan_request_get_header(struct lwan_request *request,
1668 const char *header)
1669{
1670 return lwan_request_get_header_from_helper(request->helper, header);
1671}
1672
1673const char *lwan_request_get_host(struct lwan_request *request)
1674{
1675 const struct lwan_request_parser_helper *helper = request->helper;
1676
1677 return helper->host.len ? helper->host.value : NULL((void*)0);
1678}
1679
1680ALWAYS_INLINEinline __attribute__((always_inline)) int
1681lwan_connection_get_fd(const struct lwan *lwan, const struct lwan_connection *conn)
1682{
1683 return (int)(intptr_t)(conn - lwan->conns);
1684}
1685
1686const char *
1687lwan_request_get_remote_address_and_port(struct lwan_request *request,
1688 char buffer[static INET6_ADDRSTRLEN46],
1689 uint16_t *port)
1690{
1691 struct sockaddr_storage non_proxied_addr = {.ss_family = AF_UNSPEC0};
1692 struct sockaddr_storage *sock_addr;
1693
1694 *port = 0;
1695
1696 if (request->flags & REQUEST_PROXIED) {
7
Assuming the condition is false
8
Taking false branch
1697 sock_addr = (struct sockaddr_storage *)&request->proxy->from;
1698
1699 if (UNLIKELY(sock_addr->ss_family == AF_UNSPEC)__builtin_expect(((sock_addr->ss_family == 0)), (0))) {
1700 static const char unspecified[] = "*unspecified*";
1701
1702 static_assert_Static_assert(sizeof(unspecified) <= INET6_ADDRSTRLEN46,
1703 "Enough space for unspecified address family");
1704 return memcpy(buffer, unspecified, sizeof(unspecified));
1705 }
1706 } else {
1707 socklen_t sock_len = sizeof(non_proxied_addr);
1708
1709 sock_addr = &non_proxied_addr;
1710
1711 if (UNLIKELY(getpeername(request->fd, (struct sockaddr *)sock_addr,__builtin_expect(((getpeername(request->fd, (struct sockaddr
*)sock_addr, &sock_len) < 0)), (0))
9
Assuming the condition is false
10
Taking false branch
1712 &sock_len) < 0)__builtin_expect(((getpeername(request->fd, (struct sockaddr
*)sock_addr, &sock_len) < 0)), (0))) {
1713 return NULL((void*)0);
1714 }
1715 }
1716
1717 if (sock_addr->ss_family
10.1
Field 'ss_family' is not equal to AF_INET
 == AF_INET2) {
11
Taking false branch
1718 struct sockaddr_in *sin = (struct sockaddr_in *)sock_addr;
1719 *port = ntohs(sin->sin_port);
1720 return inet_ntop(AF_INET2, &sin->sin_addr, buffer, INET6_ADDRSTRLEN46);
1721 }
1722
1723 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sock_addr;
1724 *port = ntohs(sin6->sin6_port);
12
1st function call argument is an uninitialized value
1725 return inet_ntop(AF_INET610, &sin6->sin6_addr, buffer, INET6_ADDRSTRLEN46);
1726}
1727
1728const char *
1729lwan_request_get_remote_address(struct lwan_request *request,
1730 char buffer[static INET6_ADDRSTRLEN46])
1731{
1732 uint16_t port;
1733 return lwan_request_get_remote_address_and_port(request, buffer, &port);
6
Calling 'lwan_request_get_remote_address_and_port'
1734}
1735
1736static void remove_sleep(void *data1, void *data2)
1737{
1738 static const enum lwan_connection_flags suspended_sleep =
1739 CONN_SUSPENDED | CONN_HAS_REMOVE_SLEEP_DEFER;
1740 struct timeouts *wheel = data1;
1741 struct timeout *timeout = data2;
1742 struct lwan_request *request =
1743 container_of(timeout, struct lwan_request, timeout)((struct lwan_request *) ((char *)(timeout) - __builtin_offsetof
(struct lwan_request, timeout)) + ((typeof(*(timeout)) *)0 !=
(typeof(((struct lwan_request *)0)->timeout) *)0));
1744
1745 if ((request->conn->flags & suspended_sleep) == suspended_sleep)
1746 timeouts_del(wheel, timeout);
1747
1748 request->conn->flags &= ~CONN_HAS_REMOVE_SLEEP_DEFER;
1749}
1750
1751void lwan_request_sleep(struct lwan_request *request, uint64_t ms)
1752{
1753 struct lwan_connection *conn = request->conn;
1754 struct timeouts *wheel = conn->thread->wheel;
1755 struct timespec now;
1756 coro_deferred defer = -1;
1757
1758 /* We need to update the timer wheel right now because
1759 * a request might have requested to sleep a long time
1760 * before it was being serviced -- causing the timeout
1761 * to essentially be a no-op. */
1762 if (UNLIKELY(clock_gettime(monotonic_clock_id, &now) < 0)__builtin_expect(((clock_gettime(monotonic_clock_id, &now
) < 0)), (0)))
1763 lwan_status_critical("Could not get monotonic time")lwan_status_critical_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1763, __FUNCTION__, "Could not get monotonic time");
1764 timeouts_update(wheel, (timeout_t)(now.tv_sec * 1000 + now.tv_nsec / 1000000));
1765
1766 request->timeout = (struct timeout) {};
1767 timeouts_add(wheel, &request->timeout, ms);
1768
1769 if (!(conn->flags & CONN_HAS_REMOVE_SLEEP_DEFER)) {
1770 defer = coro_defer2(conn->coro, remove_sleep, wheel, &request->timeout);
1771 conn->flags |= CONN_HAS_REMOVE_SLEEP_DEFER;
1772 }
1773
1774 coro_yield(conn->coro, CONN_CORO_SUSPEND);
1775
1776 if (defer > 0)
1777 coro_defer_fire_and_disarm(conn->coro, defer);
1778}
1779
1780ALWAYS_INLINEinline __attribute__((always_inline)) int
1781lwan_request_get_range(struct lwan_request *request, off_t *from, off_t *to)
1782{
1783 struct lwan_request_parser_helper *helper = request->helper;
1784
1785 if (!(request->flags & REQUEST_PARSED_RANGE)) {
1786 parse_range(helper);
1787 request->flags |= REQUEST_PARSED_RANGE;
1788 }
1789
1790 if (LIKELY(helper->range.raw.len)__builtin_expect((!!(helper->range.raw.len)), (1))) {
1791 *from = helper->range.from;
1792 *to = helper->range.to;
1793 return 0;
1794 }
1795
1796 return -ENOENT2;
1797}
1798
1799ALWAYS_INLINEinline __attribute__((always_inline)) int
1800lwan_request_get_if_modified_since(struct lwan_request *request, time_t *value)
1801{
1802 struct lwan_request_parser_helper *helper = request->helper;
1803
1804 if (!(request->flags & REQUEST_PARSED_IF_MODIFIED_SINCE)) {
1805 parse_if_modified_since(helper);
1806 request->flags |= REQUEST_PARSED_IF_MODIFIED_SINCE;
1807 }
1808
1809 if (LIKELY(helper->if_modified_since.raw.len)__builtin_expect((!!(helper->if_modified_since.raw.len)), (
1))) {
1810 *value = helper->if_modified_since.parsed;
1811 return 0;
1812 }
1813
1814 return -ENOENT2;
1815}
1816
1817ALWAYS_INLINEinline __attribute__((always_inline)) const struct lwan_value *
1818lwan_request_get_request_body(struct lwan_request *request)
1819{
1820 return &request->helper->body_data;
1821}
1822
1823ALWAYS_INLINEinline __attribute__((always_inline)) const struct lwan_value *
1824lwan_request_get_content_type(struct lwan_request *request)
1825{
1826 return &request->helper->content_type;
1827}
1828
1829ALWAYS_INLINEinline __attribute__((always_inline)) const struct lwan_key_value_array *
1830lwan_request_get_cookies(struct lwan_request *request)
1831{
1832 if (!(request->flags & REQUEST_PARSED_COOKIES)) {
1833 parse_cookies(request);
1834 request->flags |= REQUEST_PARSED_COOKIES;
1835 }
1836
1837 return &request->helper->cookies;
1838}
1839
1840ALWAYS_INLINEinline __attribute__((always_inline)) const struct lwan_key_value_array *
1841lwan_request_get_query_params(struct lwan_request *request)
1842{
1843 if (!(request->flags & REQUEST_PARSED_QUERY_STRING)) {
1844 parse_query_string(request);
1845 request->flags |= REQUEST_PARSED_QUERY_STRING;
1846 }
1847
1848 return &request->helper->query_params;
1849}
1850
1851ALWAYS_INLINEinline __attribute__((always_inline)) const struct lwan_key_value_array *
1852lwan_request_get_post_params(struct lwan_request *request)
1853{
1854 if (!(request->flags & REQUEST_PARSED_FORM_DATA)) {
1855 parse_form_data(request);
1856 request->flags |= REQUEST_PARSED_FORM_DATA;
1857 }
1858
1859 return &request->helper->post_params;
1860}
1861
1862ALWAYS_INLINEinline __attribute__((always_inline)) enum lwan_request_flags
1863lwan_request_get_accept_encoding(struct lwan_request *request)
1864{
1865 if (!(request->flags & REQUEST_PARSED_ACCEPT_ENCODING)) {
1866 parse_accept_encoding(request);
1867 request->flags |= REQUEST_PARSED_ACCEPT_ENCODING;
1868 }
1869
1870 return request->flags & REQUEST_ACCEPT_MASK;
1871}
1872
1873#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
1874static int useless_coro_for_fuzzing(struct coro *c __attribute__((unused)),
1875 void *data __attribute__((unused)))
1876{
1877 return 0;
1878}
1879
1880static bool_Bool request_seems_complete(struct lwan_request_parser_helper *helper)
1881{
1882 return read_request_finalizer_from_helper(helper->buffer, helper, 1,
1883 false0) == FINALIZER_DONE;
1884}
1885
1886__attribute__((used)) int fuzz_parse_http_request(const uint8_t *data,
1887 size_t length)
1888{
1889 static struct coro_switcher switcher;
1890 static struct coro *coro;
1891 static char *header_start[N_HEADER_START64];
1892 static char data_copy[32767] = {0};
1893
1894 if (length > sizeof(data_copy))
1895 length = sizeof(data_copy);
1896 memcpy(data_copy, data, length);
1897
1898 if (!coro) {
1899 coro = coro_new(&switcher, useless_coro_for_fuzzing, NULL((void*)0));
1900
1901 lwan_job_thread_init();
1902 lwan_http_authorize_init();
1903 }
1904
1905 struct lwan_request_parser_helper helper = {
1906 .buffer = &(struct lwan_value){.value = data_copy, .len = length},
1907 .header_start = header_start,
1908 .error_when_n_packets = 2,
1909 };
1910 struct lwan_connection conn = {.coro = coro};
1911 struct lwan_proxy proxy = {};
1912 struct lwan_request request = {
1913 .helper = &helper,
1914 .conn = &conn,
1915 .flags = REQUEST_ALLOW_PROXY_REQS,
1916 .proxy = &proxy,
1917 };
1918
1919 /* If the finalizer isn't happy with a request, there's no point in
1920 * going any further with parsing it. */
1921 if (!request_seems_complete(&helper))
1922 return 0;
1923
1924 /* client_read() NUL-terminates the string */
1925 data_copy[length - 1] = '\0';
1926
1927 if (parse_http_request(&request) != HTTP_OK)
1928 return 0;
1929
1930 off_t trash1;
1931 time_t trash2;
1932 char *trash3;
1933 size_t gen = coro_deferred_get_generation(coro);
1934
1935 /* Only pointers were set in helper struct; actually parse them here. */
1936 parse_accept_encoding(&request);
1937
1938 /* Requesting these items will force them to be parsed, and also
1939 * exercise the lookup function. */
1940 LWAN_NO_DISCARD(lwan_request_get_header(&request, "Non-Existing-Header"))do { __typeof__(lwan_request_get_header(&request, "Non-Existing-Header"
)) no_discard_ = lwan_request_get_header(&request, "Non-Existing-Header"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0);
1941
1942 /* Usually existing short header */
1943 LWAN_NO_DISCARD(lwan_request_get_header(&request, "Host"))do { __typeof__(lwan_request_get_header(&request, "Host")
) no_discard_ = lwan_request_get_header(&request, "Host")
; __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0);
1944
1945 LWAN_NO_DISCARD(lwan_request_get_cookie(&request, "Non-Existing-Cookie"))do { __typeof__(lwan_request_get_cookie(&request, "Non-Existing-Cookie"
)) no_discard_ = lwan_request_get_cookie(&request, "Non-Existing-Cookie"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0);
1946 /* Set by some tests */
1947 LWAN_NO_DISCARD(lwan_request_get_cookie(&request, "FOO"))do { __typeof__(lwan_request_get_cookie(&request, "FOO"))
no_discard_ = lwan_request_get_cookie(&request, "FOO"); __asm__
__volatile__("" ::"g"(no_discard_) : "memory"); } while (0);
1948
1949 LWAN_NO_DISCARD(do { __typeof__(lwan_request_get_query_param(&request, "Non-Existing-Query-Param"
)) no_discard_ = lwan_request_get_query_param(&request, "Non-Existing-Query-Param"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0)
1950 lwan_request_get_query_param(&request, "Non-Existing-Query-Param"))do { __typeof__(lwan_request_get_query_param(&request, "Non-Existing-Query-Param"
)) no_discard_ = lwan_request_get_query_param(&request, "Non-Existing-Query-Param"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0);
1951
1952 LWAN_NO_DISCARD(do { __typeof__(lwan_request_get_post_param(&request, "Non-Existing-Post-Param"
)) no_discard_ = lwan_request_get_post_param(&request, "Non-Existing-Post-Param"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0)
1953 lwan_request_get_post_param(&request, "Non-Existing-Post-Param"))do { __typeof__(lwan_request_get_post_param(&request, "Non-Existing-Post-Param"
)) no_discard_ = lwan_request_get_post_param(&request, "Non-Existing-Post-Param"
); __asm__ __volatile__("" ::"g"(no_discard_) : "memory"); } while
(0);
1954
1955 lwan_request_get_range(&request, &trash1, &trash1);
1956 LWAN_NO_DISCARD(trash1)do { __typeof__(trash1) no_discard_ = trash1; __asm__ __volatile__
("" ::"g"(no_discard_) : "memory"); } while (0);
1957
1958 lwan_request_get_if_modified_since(&request, &trash2);
1959 LWAN_NO_DISCARD(trash2)do { __typeof__(trash2) no_discard_ = trash2; __asm__ __volatile__
("" ::"g"(no_discard_) : "memory"); } while (0);
1960
1961 enum lwan_http_status handshake =
1962 prepare_websocket_handshake(&request, &trash3);
1963 LWAN_NO_DISCARD(trash3)do { __typeof__(trash3) no_discard_ = trash3; __asm__ __volatile__
("" ::"g"(no_discard_) : "memory"); } while (0);
1964 if (handshake == HTTP_SWITCHING_PROTOCOLS)
1965 free(trash3);
1966
1967 LWAN_NO_DISCARD(lwan_http_authorize(&request, "Fuzzy Realm", "/dev/null"))do { __typeof__(lwan_http_authorize(&request, "Fuzzy Realm"
, "/dev/null")) no_discard_ = lwan_http_authorize(&request
, "Fuzzy Realm", "/dev/null"); __asm__ __volatile__("" ::"g"(
no_discard_) : "memory"); } while (0);
1968
1969 coro_deferred_run(coro, gen);
1970
1971 return 0;
1972}
1973#endif
1974
1975static inline int64_t
1976make_async_yield_value(int fd, enum lwan_connection_coro_yield event)
1977{
1978 return (int64_t)(((uint64_t)fd << 32 | event));
1979}
1980
1981static inline void async_await_fd(struct coro *coro,
1982 int fd,
1983 enum lwan_connection_coro_yield events)
1984{
1985 assert(events >= CONN_CORO_ASYNC_AWAIT_READ &&((void) sizeof ((events >= CONN_CORO_ASYNC_AWAIT_READ &&
events <= CONN_CORO_ASYNC_AWAIT_READ_WRITE) ? 1 : 0), __extension__
({ if (events >= CONN_CORO_ASYNC_AWAIT_READ && events
<= CONN_CORO_ASYNC_AWAIT_READ_WRITE) ; else __assert_fail
("events >= CONN_CORO_ASYNC_AWAIT_READ && events <= CONN_CORO_ASYNC_AWAIT_READ_WRITE"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1986, __extension__ __PRETTY_FUNCTION__); }))
1986 events <= CONN_CORO_ASYNC_AWAIT_READ_WRITE)((void) sizeof ((events >= CONN_CORO_ASYNC_AWAIT_READ &&
events <= CONN_CORO_ASYNC_AWAIT_READ_WRITE) ? 1 : 0), __extension__
({ if (events >= CONN_CORO_ASYNC_AWAIT_READ && events
<= CONN_CORO_ASYNC_AWAIT_READ_WRITE) ; else __assert_fail
("events >= CONN_CORO_ASYNC_AWAIT_READ && events <= CONN_CORO_ASYNC_AWAIT_READ_WRITE"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-request.c"
, 1986, __extension__ __PRETTY_FUNCTION__); }));
1987
1988 return (void)coro_yield(coro, make_async_yield_value(fd, events));
1989}
1990
1991void lwan_request_await_read(struct lwan_request *r, int fd)
1992{
1993 return async_await_fd(r->conn->coro, fd, CONN_CORO_ASYNC_AWAIT_READ);
1994}
1995
1996void lwan_request_await_write(struct lwan_request *r, int fd)
1997{
1998 return async_await_fd(r->conn->coro, fd, CONN_CORO_ASYNC_AWAIT_WRITE);
1999}
2000
2001void lwan_request_await_read_write(struct lwan_request *r, int fd)
2002{
2003 return async_await_fd(r->conn->coro, fd, CONN_CORO_ASYNC_AWAIT_READ_WRITE);
2004}
2005
2006ssize_t lwan_request_async_read_flags(
2007 struct lwan_request *request, int fd, void *buf, size_t len, int flags)
2008{
2009 while (true1) {
2010 ssize_t r = recv(fd, buf, len, MSG_DONTWAITMSG_DONTWAIT | MSG_NOSIGNALMSG_NOSIGNAL | flags);
2011
2012 if (r < 0) {
2013 switch (errno(*__errno_location ())) {
2014 case EWOULDBLOCK11:
2015 lwan_request_await_read(request, fd);
2016 /* Fallthrough */
2017 case EINTR4:
2018 continue;
2019 case EPIPE32:
2020 return -errno(*__errno_location ());
2021 }
2022 }
2023
2024 return r;
2025 }
2026}
2027
2028ssize_t lwan_request_async_read(struct lwan_request *request,
2029 int fd,
2030 void *buf,
2031 size_t len)
2032{
2033 return lwan_request_async_read_flags(request, fd, buf, len, 0);
2034}
2035
2036ssize_t lwan_request_async_write(struct lwan_request *request,
2037 int fd,
2038 const void *buf,
2039 size_t len)
2040{
2041 while (true1) {
2042 ssize_t r = send(fd, buf, len, MSG_DONTWAITMSG_DONTWAIT|MSG_NOSIGNALMSG_NOSIGNAL);
2043
2044 if (r < 0) {
2045 switch (errno(*__errno_location ())) {
2046 case EWOULDBLOCK11:
2047 lwan_request_await_write(request, fd);
2048 /* Fallthrough */
2049 case EINTR4:
2050 continue;
2051 case EPIPE32:
2052 return -errno(*__errno_location ());
2053 }
2054 }
2055
2056 return r;
2057 }
2058}
2059
2060ssize_t lwan_request_async_writev(struct lwan_request *request,
2061 int fd,
2062 struct iovec *iov,
2063 int iov_count)
2064{
2065 ssize_t total_written = 0;
2066 int curr_iov = 0;
2067
2068 for (int tries = 10; tries;) {
2069 const int remaining_len = (int)(iov_count - curr_iov);
2070 ssize_t written;
2071
2072 if (remaining_len == 1) {
2073 const struct iovec *vec = &iov[curr_iov];
2074 return lwan_request_async_write(request, fd, vec->iov_base,
2075 vec->iov_len);
2076 }
2077
2078 written = writev(fd, iov + curr_iov, (size_t)remaining_len);
2079 if (UNLIKELY(written < 0)__builtin_expect(((written < 0)), (0))) {
2080 /* FIXME: Consider short writes as another try as well? */
2081 tries--;
2082
2083 switch (errno(*__errno_location ())) {
2084 case EAGAIN11:
2085 case EINTR4:
2086 goto try_again;
2087 default:
2088 goto out;
2089 }
2090 }
2091
2092 total_written += written;
2093
2094 while (curr_iov < iov_count &&
2095 written >= (ssize_t)iov[curr_iov].iov_len) {
2096 written -= (ssize_t)iov[curr_iov].iov_len;
2097 curr_iov++;
2098 }
2099
2100 if (curr_iov == iov_count)
2101 return total_written;
2102
2103 iov[curr_iov].iov_base = (char *)iov[curr_iov].iov_base + written;
2104 iov[curr_iov].iov_len -= (size_t)written;
2105
2106 try_again:
2107 lwan_request_await_write(request, fd);
2108 }
2109
2110out:
2111 coro_yield(request->conn->coro, CONN_CORO_ABORT);
2112 __builtin_unreachable();
2113}
2114
2115void lwan_request_foreach_header_for_cgi(struct lwan_request *request,
2116 void (*cb)(const char *header_name,
2117 size_t header_len,
2118 const char *value,
2119 size_t value_len,
2120 void *user_data),
2121 void *user_data)
2122{
2123 struct lwan_request_parser_helper *helper = request->helper;
2124 char **header_start = helper->header_start;
2125 size_t n_header_start = helper->n_header_start;
2126
2127 for (size_t i = 0; i < n_header_start; i++) {
2128 const char *header = header_start[i];
2129 const char *next_header = header_start[i + 1];
2130 const char *colon = memchr(header, ':', 127 - sizeof("HTTP_: ") - 1);
2131 char header_name[128];
2132 int r;
2133
2134 if (!colon)
2135 continue;
2136
2137 const size_t header_len = (size_t)(colon - header);
2138 const size_t value_len = (size_t)(next_header - colon - 4);
2139
2140 r = snprintf(header_name, sizeof(header_name), "HTTP_%.*s",
2141 (int)header_len, header);
2142 if (r < 0 || r >= (int)sizeof(header_name))
2143 continue;
2144
2145 /* FIXME: RFC7230/RFC3875 compliance */
2146 for (char *p = header_name; *p; p++) {
2147 if (isalpha(*p)((*__ctype_b_loc ())[(int) ((*p))] & (unsigned short int)
_ISalpha))
2148 *p &= ~0x20;
2149 else if (!isdigit(*p)((*__ctype_b_loc ())[(int) ((*p))] & (unsigned short int)
_ISdigit))
2150 *p = '_';
2151 }
2152
2153 if (streq(header_name, "HTTP_PROXY")) {
2154 /* Mitigation for https://httpoxy.org */
2155 continue;
2156 }
2157
2158 cb(header_name, header_len + sizeof("HTTP_") - 1, colon + 2, value_len,
2159 user_data);
2160 }
2161}