2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Very basic HTTP server */
12 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
14 * On VMS, you need to define this to get the declaration of fileno(). The
15 * value 2 is to make sure no function defined in POSIX-2 is left undefined.
17 # define _POSIX_C_SOURCE 2
21 #include "http_server.h"
22 #include "internal/sockets.h"
23 #include <openssl/err.h>
24 #include <openssl/rand.h>
28 # if defined(OPENSSL_TANDEM_FLOSS)
29 # include <floss.h(floss_fork)>
33 static int verbosity = LOG_INFO;
35 #define HTTP_PREFIX "HTTP/"
36 #define HTTP_VERSION_PATT "1." /* allow 1.x */
37 #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
38 #define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
39 #define HTTP_VERSION_STR " "HTTP_PREFIX_VERSION
43 int multi = 0; /* run multiple responder processes */
44 int acfd = (int) INVALID_SOCKET;
46 static int print_syslog(const char *str, size_t len, void *levPtr)
48 int level = *(int *)levPtr;
49 int ilen = len > MAXERRLEN ? MAXERRLEN : len;
51 syslog(level, "%.*s", ilen, str);
57 void log_message(const char *prog, int level, const char *fmt, ...)
61 if (verbosity < level)
69 if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0)
70 syslog(level, "%s", buf);
72 ERR_print_errors_cb(print_syslog, &level);
76 BIO_printf(bio_err, "%s: ", prog);
77 BIO_vprintf(bio_err, fmt, ap);
78 BIO_printf(bio_err, "\n");
79 (void)BIO_flush(bio_err);
85 void socket_timeout(int signum)
87 if (acfd != (int)INVALID_SOCKET)
88 (void)shutdown(acfd, SHUT_RD);
91 static void killall(int ret, pid_t *kidpids)
95 for (i = 0; i < multi; ++i)
97 (void)kill(kidpids[i], SIGTERM);
98 OPENSSL_free(kidpids);
103 static int termsig = 0;
105 static void noteterm(int sig)
111 * Loop spawning up to `multi` child processes, only child processes return
112 * from this function. The parent process loops until receiving a termination
113 * signal, kills extant children and exits without returning.
115 void spawn_loop(const char *prog)
117 pid_t *kidpids = NULL;
122 openlog(prog, LOG_PID, LOG_DAEMON);
125 syslog(LOG_ERR, "fatal: error detaching from parent process group: %s",
129 kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array");
130 for (i = 0; i < multi; ++i)
133 signal(SIGINT, noteterm);
134 signal(SIGTERM, noteterm);
136 while (termsig == 0) {
140 * Wait for a child to replace when we're at the limit.
141 * Slow down if a child exited abnormally or waitpid() < 0
143 while (termsig == 0 && procs >= multi) {
144 if ((fpid = waitpid(-1, &status, 0)) > 0) {
145 for (i = 0; i < procs; ++i) {
146 if (kidpids[i] == fpid) {
153 syslog(LOG_ERR, "fatal: internal error: "
154 "no matching child slot for pid: %ld",
159 if (WIFEXITED(status))
160 syslog(LOG_WARNING, "child process: %ld, exit status: %d",
161 (long)fpid, WEXITSTATUS(status));
162 else if (WIFSIGNALED(status))
163 syslog(LOG_WARNING, "child process: %ld, term signal %d%s",
164 (long)fpid, WTERMSIG(status),
166 WCOREDUMP(status) ? " (core dumped)" :
172 } else if (errno != EINTR) {
173 syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno));
180 switch (fpid = fork()) {
182 /* System critically low on memory, pause and try again later */
186 OPENSSL_free(kidpids);
187 signal(SIGINT, SIG_DFL);
188 signal(SIGTERM, SIG_DFL);
191 if (RAND_poll() <= 0) {
192 syslog(LOG_ERR, "fatal: RAND_poll() failed");
196 default: /* parent */
197 for (i = 0; i < multi; ++i) {
198 if (kidpids[i] == 0) {
205 syslog(LOG_ERR, "fatal: internal error: no free child slots");
212 /* The loop above can only break on termsig */
213 syslog(LOG_INFO, "terminating on signal: %d", termsig);
218 #ifndef OPENSSL_NO_SOCK
219 BIO *http_server_init(const char *prog, const char *port, int verb)
221 BIO *acbio = NULL, *bufbio;
226 if (verb > LOG_TRACE) {
227 log_message(prog, LOG_ERR,
228 "Logging verbosity level %d too high", verb);
233 bufbio = BIO_new(BIO_f_buffer());
236 acbio = BIO_new(BIO_s_accept());
238 || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
239 || BIO_set_accept_port(acbio, port /* may be "0" */) < 0) {
240 log_message(prog, LOG_ERR, "Error setting up accept BIO");
244 BIO_set_accept_bios(acbio, bufbio);
246 if (BIO_do_accept(acbio) <= 0) {
247 log_message(prog, LOG_ERR, "Error starting accept");
251 /* Report back what address and port are used */
252 BIO_get_fd(acbio, &asock);
253 port_num = report_server_accept(bio_out, asock, 1, 1);
255 log_message(prog, LOG_ERR, "Error printing ACCEPT string");
268 * Decode %xx URL-decoding in-place. Ignores malformed sequences.
270 static int urldecode(char *p)
272 unsigned char *out = (unsigned char *)p;
273 unsigned char *save = out;
278 } else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) {
279 /* Don't check, can't fail because of ixdigit() call. */
280 *out++ = (OPENSSL_hexchar2int(p[1]) << 4)
281 | OPENSSL_hexchar2int(p[2]);
288 return (int)(out - save);
291 /* if *pcbio != NULL, continue given connected session, else accept new */
292 /* if found_keep_alive != NULL, return this way connection persistence state */
293 int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
294 char **ppath, BIO **pcbio, BIO *acbio,
295 int *found_keep_alive,
296 const char *prog, int accept_get, int timeout)
298 BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
300 char reqbuf[2048], inbuf[2048];
301 char *meth, *url, *end;
312 get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
314 log_message(prog, LOG_ERR, "Cannot get port listening on");
317 log_message(prog, LOG_DEBUG,
318 "Awaiting new connection on port %s ...", port);
321 if (BIO_do_accept(acbio) <= 0)
322 /* Connection loss before accept() is routine, ignore silently */
325 *pcbio = cbio = BIO_pop(acbio);
327 log_message(prog, LOG_DEBUG, "Awaiting next request ...");
330 /* Cannot call http_server_send_status(cbio, ...) */
337 (void)BIO_get_fd(cbio, &acfd);
342 /* Read the request line. */
343 len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
348 log_message(prog, LOG_WARNING, "Request line read error");
349 (void)http_server_send_status(cbio, 400, "Bad Request");
352 if ((end = strchr(reqbuf, '\r')) != NULL
353 || (end = strchr(reqbuf, '\n')) != NULL)
355 log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf);
358 if ((accept_get && CHECK_AND_SKIP_PREFIX(url, "GET "))
359 || CHECK_AND_SKIP_PREFIX(url, "POST ")) {
361 /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
366 log_message(prog, LOG_WARNING,
367 "Invalid %s -- URL does not begin with '/': %s",
369 (void)http_server_send_status(cbio, 400, "Bad Request");
374 /* Splice off the HTTP version identifier. */
375 for (end = url; *end != '\0'; end++)
378 if (!HAS_PREFIX(end, HTTP_VERSION_STR)) {
379 log_message(prog, LOG_WARNING,
380 "Invalid %s -- bad HTTP/version string: %s",
382 (void)http_server_send_status(cbio, 400, "Bad Request");
386 /* above HTTP 1.0, connection persistence is the default */
387 if (found_keep_alive != NULL)
388 *found_keep_alive = end[sizeof(HTTP_VERSION_STR) - 1] > '0';
391 * Skip "GET / HTTP..." requests often used by load-balancers.
392 * 'url' was incremented above to point to the first byte *after*
393 * the leading slash, so in case 'GET / ' it is now an empty string.
395 if (strlen(meth) == 3 && url[0] == '\0') {
396 (void)http_server_send_status(cbio, 200, "OK");
400 len = urldecode(url);
402 log_message(prog, LOG_WARNING,
403 "Invalid %s request -- bad URL encoding: %s",
405 (void)http_server_send_status(cbio, 400, "Bad Request");
408 if (strlen(meth) == 3) { /* GET */
409 if ((getbio = BIO_new_mem_buf(url, len)) == NULL
410 || (b64 = BIO_new(BIO_f_base64())) == NULL) {
411 log_message(prog, LOG_ERR,
412 "Could not allocate base64 bio with size = %d",
416 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
417 getbio = BIO_push(b64, getbio);
420 log_message(prog, LOG_WARNING,
421 "HTTP request does not begin with %sPOST: %s",
422 accept_get ? "GET or " : "", reqbuf);
423 (void)http_server_send_status(cbio, 400, "Bad Request");
427 /* chop any further/duplicate leading or trailing '/' */
430 while (end >= url + 2 && end[-2] == '/' && end[-1] == '/')
434 /* Read and skip past the headers. */
436 char *key, *value, *line_end = NULL;
438 len = BIO_gets(cbio, inbuf, sizeof(inbuf));
440 log_message(prog, LOG_WARNING, "Error reading HTTP header");
441 (void)http_server_send_status(cbio, 400, "Bad Request");
445 if (inbuf[0] == '\r' || inbuf[0] == '\n')
449 value = strchr(key, ':');
451 log_message(prog, LOG_WARNING,
452 "Error parsing HTTP header: missing ':'");
453 (void)http_server_send_status(cbio, 400, "Bad Request");
457 while (*value == ' ')
459 line_end = strchr(value, '\r');
460 if (line_end == NULL) {
461 line_end = strchr(value, '\n');
462 if (line_end == NULL) {
463 log_message(prog, LOG_WARNING,
464 "Error parsing HTTP header: missing end of line");
465 (void)http_server_send_status(cbio, 400, "Bad Request");
470 /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
471 if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) {
472 if (strcasecmp(value, "keep-alive") == 0)
473 *found_keep_alive = 1;
474 else if (strcasecmp(value, "close") == 0)
475 *found_keep_alive = 0;
480 /* Clear alarm before we close the client socket */
485 /* Try to read and parse request */
486 req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL);
488 log_message(prog, LOG_WARNING,
489 "Error parsing DER-encoded request content");
490 (void)http_server_send_status(cbio, 400, "Bad Request");
491 } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) {
492 log_message(prog, LOG_ERR,
493 "Out of memory allocating %zu bytes", strlen(url) + 1);
494 ASN1_item_free(req, it);
501 BIO_free_all(getbio);
505 acfd = (int)INVALID_SOCKET;
510 (void)http_server_send_status(cbio, 500, "Internal Server Error");
512 OPENSSL_free(*ppath);
521 /* assumes that cbio does not do an encoding that changes the output length */
522 int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
523 const char *content_type,
524 const ASN1_ITEM *it, const ASN1_VALUE *resp)
526 int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s"
527 "Content-type: %s\r\n"
528 "Content-Length: %d\r\n\r\n",
529 keep_alive ? "Connection: keep-alive\r\n" : "",
531 ASN1_item_i2d(resp, NULL, it)) > 0
532 && ASN1_item_i2d_bio(it, cbio, resp) > 0;
534 (void)BIO_flush(cbio);
538 int http_server_send_status(BIO *cbio, int status, const char *reason)
540 int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n",
541 /* This implicitly cancels keep-alive */
544 (void)BIO_flush(cbio);