Commit graph

29 commits

Author SHA1 Message Date
Ashod Nakashian
24acdaf89b wsd: throw when an invalid URL is used to create an http session
Change-Id: I2d2eb90badf4f02ec4f2e4c4071fc76b23a92928
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
(cherry picked from commit c16ad4447004a72226df7761fb377014c242ea4e)
2021-09-13 09:40:09 -04:00
Miklos Vajna
18d4c58442 http response: if the result doesn't fit, then consider that a fatal error
This is really a garbage in -> garbage out situation.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Ic1c33f44081f259e5cf5994ad901e1593fe8dfcf
2021-07-19 13:38:00 +02:00
Miklos Vajna
32a654eecb http response: simplify the condition if the result would fit
Given that "digit" is always less than 16, we can avoid the "- digit"
in the condition (because the division turns that into 0 anyway), making
it effectively constexpr.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Iaf9e53d3543f2237c00768f214114a02a4746020
2021-07-19 12:42:38 +02:00
Miklos Vajna
57d3d0f391 http response: check if result would fit into chunkLen
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I6e3b73461653d2ab3cedaa3f6ca7fbfd2a826edb
2021-07-08 14:51:11 +02:00
Ashod Nakashian
485a716268 wsd: http: handle invalid http versions
We currently only recognize HTTP/x.y. Anything
else is invalid.

Change-Id: I45fa7e33052e3847b8a2d9768b12d8eac43f6b0a
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-06-19 17:44:59 -04:00
Ashod Nakashian
c5a4e106b1 wsd: http: do not set the state explicitly on parsing error
Setting the state to Error in the parser has the
unwanted side-effect of not triggering the proper
callbacks. The better design is to observe the API
and return error (-1) upon hitting parsing errors.
The caller will then invoke the finishing function
that sets the state and triggers the callbacks.

Change-Id: I4957b0fb431f477d71fb21a8dd601d132c3d6a21
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-06-13 12:10:24 -04:00
Andras Timar
887ce53417 available, off and end can be unsigned, they are byte positions
this prevents compile error with gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12)
../net/HttpRequest.cpp:340:9: error: assuming signed overflow does not occur when assuming that (X + c) >= X is always true [-Werror=strict-overflow]
         if (off + VersionLen >= available)

Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I46df5d43d0997f6a1e61c05a4df7f9d71af65511
2021-04-30 14:30:16 +03:00
Miklos Vajna
656eb310bb Fix Debian 8 / gcc-4.9 warnings
net/HttpRequest.cpp:126:19: error: declaration of 'end' shadows a member of 'this' [-Werror=shadow]

kit/Kit.cpp:163:29: error: missing initializer for member 'statfs::f_bsize' [-Werror=missing-field-initializers]

kit/Kit.cpp:171:14: error: 'OVERLAYFS_SUPER_MAGIC' was not declared in this scope

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Ibbd35ab5af3adad403ed22a0aeb70917b9e21970
2021-04-30 10:38:09 +02:00
Miklos Vajna
a5566baa03 Add version of std::atoi() that needs no extra allocation
std::atoi() assumes a null-terminated string and our strings are not
always null-terminated. So add a version that takes a length parameter,
this way we don't have to copy strings around.

Also switch to this in http::StatusLine::parse().

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I449b356c1b9948c562434618596e8e3b38656088
2021-04-26 16:22:27 +02:00
Miklos Vajna
9afe974848 Add a fuzzer for http::Response::readData()
And remove the httpheader one, which is not useful, since it uses Poco
for the actual parsing, it did not find anything. (If we switch away
from Poco there in the future, it's easy enough to restore it.)

Also fix some problems found by the fuzzer.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I254247c46ecc78c9c3e75aac4f10c441b0e10fb3
2021-04-23 17:54:36 +02:00
Miklos Vajna
1195e07d15 StatusLine::parse: limit size of allocated string
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: Idba8ad8a8905b0d03e2015de5df5c7c7f145ffc5
2021-04-23 15:32:21 +02:00
Miklos Vajna
da11acd8c5 StatusLine::parse: handle non-null-terminated buffer with std::atoi()
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I51033bc4d3f97f5ae93abce1b5f19ef6a8b296d8
2021-04-23 15:32:21 +02:00
Miklos Vajna
415a834813 StatusLine::parse: only feed integers to std::atoi()
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I7591fd14fbdc7c1210ac8141cb78854e3f20fffd
2021-04-23 15:32:21 +02:00
Miklos Vajna
80c6562e59 Add a fuzzer for http::StatusLine::parse()
And fix an unhandled std::length_error it found.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I571cdd71caeda84820f2c64088966936637ce2bf
2021-04-23 09:02:21 +02:00
Ashod Nakashian
49a13798eb wsd: http: parse the host and validate
Change-Id: I3ad1bcf51d59295e411a949a714bb680ff789f34
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-04-07 11:36:10 -04:00
Ashod Nakashian
f494c27024 wsd: correct User-Agent usage in http headers
User-Agent is designed for client-side use only,
in http requests. For servers, the Server header
is designed to announce the server name and version.

This tries to normalize the use and documents
the proper intent and usage.

Change-Id: I42d68d65611cab64c45adf03fe74f9466798b093
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-22 10:09:22 -04:00
Ashod Nakashian
da07625352 wsd: http: parse the http header only
Previously, we were parsing the Status Line
and the header, both together. This of course
doesn't work when we had removed the Status
Line already. This wasn't an issue in parsing
responses from servers, but doesn't work when
parsing requests from clients (i.e. in a server).

Also, it's simpler.

Tests extended accordingly.

Change-Id: Id1c9a6385080c86b6072130fa8a169a699c42462
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-22 10:09:22 -04:00
Ashod Nakashian
ea9c483a28 wsd: http: StatusLine tests
Change-Id: Iac39191b407463d2691ec3c58af2a4b4abfc6645
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-16 08:27:46 -04:00
Ashod Nakashian
688fefcbda wsd: http: define streaming operators
Change-Id: I911951cb29fe22103076af9f082e3a6eae3c6189
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-16 08:27:46 -04:00
Ashod Nakashian
774afe1393 wsd: http::Request parser
This adds support to parse client request
on the server side.

Unit-tests included.

Change-Id: I90e9ad3007a3215682991fd2383362e1c48589a8
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-16 08:27:46 -04:00
Ashod Nakashian
77fb416c40 wsd: http: normalize helper function API
Change-Id: I5070dd53fb6d5e38d851cb9f521f63b59353b778
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-16 08:27:46 -04:00
Ashod Nakashian
df0ce9cc42 wsd: http: factor out whitespace check
Change-Id: Ib078b0a587ff4fd91c0d48e79e9e75b8fcc31939
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-16 08:27:46 -04:00
Andras Timar
dd9d93de49 typo fix
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I7c6f869be1de3b584b89999b9dc5f6085594b7f4
2021-03-14 17:54:16 +01:00
Ashod Nakashian
0e73346d5e wsd: read -> wrote
Change-Id: I1a02b42931a1ab2202233918d542be7c2ccb9225
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-13 19:34:02 -05:00
Ashod Nakashian
9ce552b5a5 wsd: better logging
Change-Id: I9c6bfcc22b1d80a27a4b4fa7229766d95fc62f9a
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-13 19:34:02 -05:00
Ashod Nakashian
65f71a2efb wsd: better logging of hex data dumps
And guard http data dumping with debug directives.

Change-Id: I22a725ba49bfb0399a27889ce9732dfe061e2563
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-13 19:34:02 -05:00
Ashod Nakashian
5467a7f7ef wsd: simplify and document dumpHex
Change-Id: I636dd6548b0712a72dfc162eb7381e3e7ac18b5a
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-13 19:34:02 -05:00
Miklos Vajna
b74f26910d net: http version string may not be null-terminated
Limit its length, we know the version length anyway.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I0db2b9227baf3e10055082ad394c0f555b9898e1
2021-01-27 13:33:30 +01:00
Ashod Nakashian
72e9f3d2d6 wsd: asynchronous HTTP/1.1 implementation
This implements HTTP/1.1 per RFC 7230, partially.

Unit-tests are provided with documentation on usage.

This is designed to serve as the http implementation
throughout loolwsd, for both synchronous and
asynchronous requests.

Change-Id: Iaf1b8c5fcb8cec032445e27c9f70d2fb807aa4dc
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-01-21 12:36:41 +01:00