Upgrade http_parser - protects against buffer overflows now
ry committed Jun 9, 2009
1 parent 88c04e7 commit 4bd63d3
Showing 4 changed files with 179 additions and 46 deletions.
79 changes: 79 additions & 0 deletions deps/http_parser/LICENSE
@@ -0,0 +1,79 @@
Copyright 2009, Ryan Lienhart Dahl. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.




http_parser is based on Zed Shaw's Mongrel. Mongrel's license is as follows.

-- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT --
Mongrel Web Server (Mongrel) is copyrighted free software by Zed A. Shaw
<zedshaw at zedshaw dot com> and contributors. You can redistribute it
and/or modify it under either the terms of the GPL2 or the conditions below:

1. You may make and give away verbatim copies of the source form of the
software without restriction, provided that you duplicate all of the
original copyright notices and associated disclaimers.

2. You may modify your copy of the software in any way, provided that
you do at least ONE of the following:

a) place your modifications in the Public Domain or otherwise make them
Freely Available, such as by posting said modifications to Usenet or an
equivalent medium, or by allowing the author to include your
modifications in the software.

b) use the modified software only within your corporation or
organization.

c) rename any non-standard executables so the names do not conflict with
standard executables, which must also be provided.

d) make other distribution arrangements with the author.

3. You may distribute the software in object code or executable
form, provided that you do at least ONE of the following:

a) distribute the executables and library files of the software,
together with instructions (in the manual page or equivalent) on where
to get the original distribution.

b) accompany the distribution with the machine-readable source of the
software.

c) give non-standard executables non-standard names, with
instructions on where to get the original software distribution.

d) make other distribution arrangements with the author.

4. You may modify and include the part of the software into any other
software (possibly commercial). But some files in the distribution
are not written by the author, so that they are not under this terms.

5. The scripts and library files supplied as input to or produced as
output from the software do not automatically fall under the
copyright of the software, but belong to whomever generated them,
and may be sold commercially, and may be aggregated with this
software.

6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
-- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT ---- CUT --
9 changes: 8 additions & 1 deletion deps/http_parser/README.md
Expand Up @@ -4,7 +4,7 @@ HTTP Parser
This is a parser for HTTP messages written in C. It parses both requests
and responses. The parser is designed to be used in performance HTTP
applications. It does not make any allocations, it does not buffer data, and
it can be interrupted at anytime. It only requires about 100 bytes of data
it can be interrupted at anytime. It only requires about 128 bytes of data
per message stream (in a web server that is per connection).

Features:
Expand All @@ -22,6 +22,7 @@ Features:
* http version
* request path, query string, fragment
* message body
* Defends against buffer overflow attacks.

Usage
-----
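Review bot: The added feature bullet "Defends against buffer overflow attacks." does not say what the defence is or how a caller observes it. Going by the rest of this commit, the mechanism is a per-field size cap (`MAX_FIELD_SIZE`, defined as 80*1024) that sets `buffer_overflow` and is reported through `http_parser_has_error()`. The README should state the limit, name the fields it applies to (header field, header value, URI, path, query string, fragment), and tell callers to check `http_parser_has_error()` so an oversize field is not mistaken for a short read.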
Expand Down Expand Up @@ -57,6 +58,12 @@ buffering the data is not necessary. If you need to save certain data for
later usage, you can do that from the callbacks. (You can also `read()` into
a heap allocated buffer to avoid copying memory around if this fits your
application.)

Scalar valued message information such as `status_code`, `method`, and the
HTTP version are stored in the parser structure. This data is only
temporarlly stored in `http_parser` and gets reset on each new message. If
this information is needed later, copy it out of the structure during the
`headers_complete` callback.

The parser decodes the transfer-encoding for both requests and responses
transparently. That is, a chunked encoding is decoded before being sent to
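Review bot: Typo in the added paragraph: "temporarlly" should be "temporarily". The paragraph names `status_code`, `method` and the HTTP version as examples; it would help to say explicitly that everything under the `/** READ-ONLY **/` marker in `http_parser.h` is reset per message, so readers do not have to guess which fields survive.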
14 changes: 10 additions & 4 deletions deps/http_parser/http_parser.h
@@ -1,8 +1,7 @@
/* Copyright (c) 2008 Ryan Dahl ([email protected])
* All rights reserved.
/* Copyright (c) 2008, 2009 Ryan Dahl ([email protected])
* Based on Zed Shaw's Mongrel, copyright (c) Zed A. Shaw
*
* This parser is based on code from Zed Shaw's Mongrel.
* Copyright (c) 2005 Zed A. Shaw
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
Expand Down Expand Up @@ -72,14 +71,21 @@ struct http_parser {

size_t chunk_size;
unsigned eating:1;
unsigned buffer_overflow:1;
size_t body_read;

const char *header_field_mark;
size_t header_field_size;
const char *header_value_mark;
size_t header_value_size;
const char *query_string_mark;
size_t query_string_size;
const char *path_mark;
size_t path_size;
const char *uri_mark;
size_t uri_size;
const char *fragment_mark;
size_t fragment_size;

/** READ-ONLY **/
unsigned short status_code; /* responses only */
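Review bot: The six new `size_t` `*_size` counters sit beside six `const char *` marks, which on an LP64 target is 96 bytes for those twelve members alone, before `chunk_size`, `body_read` and the callback pointers are counted. The "about 128 bytes" figure this commit writes into the README should be checked against `sizeof(struct http_parser)` and corrected if it no longer holds. `buffer_overflow` is also added without a comment; a one-line note that it is internal state surfaced through `http_parser_has_error()` would keep callers from writing to it.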
123 changes: 82 additions & 41 deletions deps/http_parser/http_parser.rl
@@ -1,7 +1,5 @@
/* Copyright (c) 2008, 2009 Ryan Dahl ([email protected])
*
* Based on Zed Shaw's Mongrel.
* Copyright (c) 2005 Zed A. Shaw
* Based on Zed Shaw's Mongrel, copyright (c) Zed A. Shaw
*
* All rights reserved.
*
Expand All @@ -25,8 +23,9 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include "http_parser.h"

#include <assert.h>
#ifndef NDEBUG
# include <assert.h>
#endif

static int unhex[] = {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
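Review bot: Guarding `#include <assert.h>` with `#ifndef NDEBUG` is unnecessary and can break release builds. `<assert.h>` already defines `assert()` as a no-op when `NDEBUG` is set, whereas skipping the header leaves `assert` undeclared, so any `assert(...)` call still present in this file would fail to compile or link under `-DNDEBUG`. Suggest restoring the unconditional include.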
Expand All @@ -42,38 +41,50 @@ static int unhex[] = {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
#define MIN(a,b) (a < b ? a : b)
#define NULL (void*)(0)

#define REMAINING (pe - p)
#define CALLBACK(FOR) \
if (parser->FOR##_mark && parser->on_##FOR) { \
callback_return_value = \
parser->on_##FOR(parser, parser->FOR##_mark, p - parser->FOR##_mark); \
}
#define MAX_FIELD_SIZE 80*1024

#define RESET_PARSER(parser) \
parser->chunk_size = 0; \
parser->eating = 0; \
parser->header_field_mark = NULL; \
parser->header_value_mark = NULL; \
parser->query_string_mark = NULL; \
parser->path_mark = NULL; \
parser->uri_mark = NULL; \
parser->fragment_mark = NULL; \
parser->status_code = 0; \
parser->method = 0; \
parser->transfer_encoding = HTTP_IDENTITY; \
parser->version_major = 0; \
parser->version_minor = 0; \
parser->keep_alive = -1; \
parser->content_length = 0; \
#define REMAINING (pe - p)
#define CALLBACK(FOR) \
do { \
if (parser->FOR##_mark) { \
parser->FOR##_size += p - parser->FOR##_mark; \
if (parser->FOR##_size > MAX_FIELD_SIZE) { \
parser->buffer_overflow = TRUE; \
return 0; \
} \
if (parser->on_##FOR) { \
callback_return_value = parser->on_##FOR(parser, \
parser->FOR##_mark, \
p - parser->FOR##_mark); \
} \
} \
} while(0)

#define RESET_PARSER(parser) \
parser->chunk_size = 0; \
parser->eating = 0; \
parser->header_field_mark = NULL; \
parser->header_value_mark = NULL; \
parser->query_string_mark = NULL; \
parser->path_mark = NULL; \
parser->uri_mark = NULL; \
parser->fragment_mark = NULL; \
parser->status_code = 0; \
parser->method = 0; \
parser->transfer_encoding = HTTP_IDENTITY; \
parser->version_major = 0; \
parser->version_minor = 0; \
parser->keep_alive = -1; \
parser->content_length = 0; \
parser->body_read = 0;

#define END_REQUEST \
do { \
if (parser->on_message_complete) { \
callback_return_value = \
parser->on_message_complete(parser); \
} \
RESET_PARSER(parser); \
#define END_REQUEST \
do { \
if (parser->on_message_complete) { \
callback_return_value = \
parser->on_message_complete(parser); \
} \
RESET_PARSER(parser); \
} while (0)

#define SKIP_BODY(nskip) \
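Review bot: The rewritten `CALLBACK` macro hides a `return 0;` inside its body, so every action that expands it can leave the enclosing function from the middle of the state machine, bypassing the `fbreak` path that the actions use for a non-zero `callback_return_value`. Suggest setting `parser->buffer_overflow` and then leaving through that same path, so there is one exit route and the return value has one meaning; if the early return is kept, it needs a comment at the macro and at each use site. Two smaller points in the same hunk: `#define MAX_FIELD_SIZE 80*1024` should be parenthesised as `(80*1024)` so it stays correct next to a higher-precedence operator, and the limit check runs before `parser->on_##FOR`, which means the callback never sees the chunk that crossed the limit; that behaviour should be stated in a comment.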
Expand All @@ -100,47 +111,76 @@ do { \
%%{
machine http_parser;

action mark_header_field { parser->header_field_mark = p; }
action mark_header_value { parser->header_value_mark = p; }
action mark_fragment { parser->fragment_mark = p; }
action mark_query_string { parser->query_string_mark = p; }
action mark_request_path { parser->path_mark = p; }
action mark_request_uri { parser->uri_mark = p; }
action mark_header_field {
parser->header_field_mark = p;
parser->header_field_size = 0;
}

action mark_header_value {
parser->header_value_mark = p;
parser->header_value_size = 0;
}

action mark_fragment {
parser->fragment_mark = p;
parser->fragment_size = 0;
}

action mark_query_string {
parser->query_string_mark = p;
parser->query_string_size = 0;
}

action mark_request_path {
parser->path_mark = p;
parser->path_size = 0;
}

action mark_request_uri {
parser->uri_mark = p;
parser->uri_size = 0;
}

action header_field {
CALLBACK(header_field);
if (callback_return_value != 0) fbreak;
parser->header_field_mark = NULL;
parser->header_field_size = 0;
}

action header_value {
CALLBACK(header_value);
if (callback_return_value != 0) fbreak;
parser->header_value_mark = NULL;
parser->header_value_size = 0;
}

action request_uri {
CALLBACK(uri);
if (callback_return_value != 0) fbreak;
parser->uri_mark = NULL;
parser->uri_size = 0;
}

action fragment {
CALLBACK(fragment);
if (callback_return_value != 0) fbreak;
parser->fragment_mark = NULL;
parser->fragment_size = 0;
}

action query_string {
CALLBACK(query_string);
if (callback_return_value != 0) fbreak;
parser->query_string_mark = NULL;
parser->query_string_size = 0;
}

action request_path {
CALLBACK(path);
if (callback_return_value != 0) fbreak;
parser->path_mark = NULL;
parser->path_size = 0;
}

action headers_complete {
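Review bot: Each `mark_*` action resets its own `*_size` to 0, so the `MAX_FIELD_SIZE` check in `CALLBACK` bounds one field at a time; nothing in these actions bounds the number of header fields or the total header bytes of a message. A peer can still send an unbounded stream of headers that are each under the cap, and the parser will keep invoking `on_header_field` / `on_header_value` for all of them. Suggest either a cumulative per-message counter checked next to the per-field one, or a README note that the application must enforce the total limit in its callbacks. The extra `parser->..._size = 0;` after each `CALLBACK(...)` duplicates the reset already done in the matching `mark_*` action and could be dropped.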
Expand Down Expand Up @@ -227,7 +267,6 @@ do { \
}
}


CRLF = "\r\n";

# character types
Expand Down Expand Up @@ -348,6 +387,7 @@ http_parser_init (http_parser *parser, enum http_parser_type type)
%% write init;
parser->cs = cs;
parser->type = type;
parser->buffer_overflow = 0;

parser->on_message_begin = NULL;
parser->on_path = NULL;
Expand Down Expand Up @@ -406,6 +446,7 @@ out:
int
http_parser_has_error (http_parser *parser)
{
if (parser->buffer_overflow) return TRUE;
return parser->cs == http_parser_error;
}

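Review bot: `http_parser_has_error()` now returns TRUE for both a grammar error and a size-limit hit, and `buffer_overflow` is cleared only in `http_parser_init()`; it is not part of `RESET_PARSER`, so the flag stays set for the life of the parser. Both choices are defensible but undocumented. Suggest a comment here saying the parser must be re-initialised after an overflow, and consider exposing the overflow condition separately so a server can log and respond to an oversize field differently from a malformed message.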