1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
23 * The Strict-Transport-Security header is defined in RFC 6797:
24 * https://datatracker.ietf.org/doc/html/rfc6797
26 #include "curl_setup.h"
28 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
29 #include <curl/curl.h>
33 #include "curl_get_line.h"
36 #include "strtoofft.h"
37 #include "parsedate.h"
40 #include "strtoofft.h"
42 /* The last 3 #include files should be in this order */
43 #include "curl_printf.h"
44 #include "curl_memory.h"
47 #define MAX_HSTS_LINE 4095
48 #define MAX_HSTS_HOSTLEN 256
49 #define MAX_HSTS_HOSTLENSTR "256"
50 #define MAX_HSTS_DATELEN 64
51 #define MAX_HSTS_DATELENSTR "64"
52 #define UNLIMITED "unlimited"
55 /* to play well with debug builds, we can *set* a fixed time this will
57 time_t deltatime; /* allow for "adjustments" for unit test purposes */
58 static time_t debugtime(void *unused)
60 char *timestr = getenv("CURL_TIME");
64 (void)curlx_strtoofft(timestr, NULL, 10, &val);
66 val += (curl_off_t)deltatime;
71 #define time(x) debugtime(x)
74 struct hsts *Curl_hsts_init(void)
76 struct hsts *h = calloc(sizeof(struct hsts), 1);
78 Curl_llist_init(&h->list, NULL);
83 static void hsts_free(struct stsentry *e)
85 free((char *)e->host);
89 void Curl_hsts_cleanup(struct hsts **hp)
93 struct Curl_llist_element *e;
94 struct Curl_llist_element *n;
95 for(e = h->list.head; e; e = n) {
96 struct stsentry *sts = e->ptr;
106 static struct stsentry *hsts_entry(void)
108 return calloc(sizeof(struct stsentry), 1);
111 static CURLcode hsts_create(struct hsts *h,
112 const char *hostname,
116 struct stsentry *sts = hsts_entry();
120 return CURLE_OUT_OF_MEMORY;
122 duphost = strdup(hostname);
125 return CURLE_OUT_OF_MEMORY;
128 hlen = strlen(duphost);
129 if(duphost[hlen - 1] == '.')
130 /* strip off trailing any dot */
134 sts->expires = expires;
135 sts->includeSubDomains = subdomains;
136 Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
140 CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
143 const char *p = header;
144 curl_off_t expires = 0;
147 bool subdomains = FALSE;
148 struct stsentry *sts;
149 time_t now = time(NULL);
151 if(Curl_host_is_ipnum(hostname))
152 /* "explicit IP address identification of all forms is excluded."
157 while(*p && ISSPACE(*p))
159 if(Curl_strncasecompare("max-age=", p, 8)) {
165 return CURLE_BAD_FUNCTION_ARGUMENT;
168 while(*p && ISSPACE(*p))
174 offt = curlx_strtoofft(p, &endp, 10, &expires);
175 if(offt == CURL_OFFT_FLOW)
176 expires = CURL_OFF_T_MAX;
178 /* invalid max-age */
179 return CURLE_BAD_FUNCTION_ARGUMENT;
183 return CURLE_BAD_FUNCTION_ARGUMENT;
188 else if(Curl_strncasecompare("includesubdomains", p, 17)) {
190 return CURLE_BAD_FUNCTION_ARGUMENT;
196 /* unknown directive, do a lame attempt to skip */
197 while(*p && (*p != ';'))
201 while(*p && ISSPACE(*p))
208 /* max-age is mandatory */
209 return CURLE_BAD_FUNCTION_ARGUMENT;
212 /* remove the entry if present verbatim (without subdomain match) */
213 sts = Curl_hsts(h, hostname, FALSE);
215 Curl_llist_remove(&h->list, &sts->node, NULL);
221 if(CURL_OFF_T_MAX - now < expires)
222 /* would overflow, use maximum value */
223 expires = CURL_OFF_T_MAX;
227 /* check if it already exists */
228 sts = Curl_hsts(h, hostname, FALSE);
230 /* just update these fields */
231 sts->expires = expires;
232 sts->includeSubDomains = subdomains;
235 return hsts_create(h, hostname, subdomains, expires);
241 * Return TRUE if the given host name is currently an HSTS one.
243 * The 'subdomain' argument tells the function if subdomain matching should be
246 struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
250 char buffer[MAX_HSTS_HOSTLEN + 1];
251 time_t now = time(NULL);
252 size_t hlen = strlen(hostname);
253 struct Curl_llist_element *e;
254 struct Curl_llist_element *n;
256 if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
258 memcpy(buffer, hostname, hlen);
259 if(hostname[hlen-1] == '.')
260 /* remove the trailing dot */
265 for(e = h->list.head; e; e = n) {
266 struct stsentry *sts = e->ptr;
268 if(sts->expires <= now) {
269 /* remove expired entries */
270 Curl_llist_remove(&h->list, &sts->node, NULL);
274 if(subdomain && sts->includeSubDomains) {
275 size_t ntail = strlen(sts->host);
277 size_t offs = hlen - ntail;
278 if((hostname[offs-1] == '.') &&
279 Curl_strncasecompare(&hostname[offs], sts->host, ntail))
283 if(Curl_strcasecompare(hostname, sts->host))
287 return NULL; /* no match */
291 * Send this HSTS entry to the write callback.
293 static CURLcode hsts_push(struct Curl_easy *data,
294 struct curl_index *i,
295 struct stsentry *sts,
298 struct curl_hstsentry e;
303 e.name = (char *)sts->host;
304 e.namelen = strlen(sts->host);
305 e.includeSubDomains = sts->includeSubDomains;
307 if(sts->expires != TIME_T_MAX) {
308 result = Curl_gmtime((time_t)sts->expires, &stamp);
312 msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
313 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
314 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
317 strcpy(e.expire, UNLIMITED);
319 sc = data->set.hsts_write(data, &e, i,
320 data->set.hsts_write_userp);
321 *stop = (sc != CURLSTS_OK);
322 return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
326 * Write this single hsts entry to a single output line
328 static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
331 if(sts->expires != TIME_T_MAX) {
332 CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
335 fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
336 sts->includeSubDomains ? ".": "", sts->host,
337 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
338 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
341 fprintf(fp, "%s%s \"%s\"\n",
342 sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
348 * Curl_https_save() writes the HSTS cache to file and callback.
350 CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
353 struct Curl_llist_element *e;
354 struct Curl_llist_element *n;
355 CURLcode result = CURLE_OK;
358 unsigned char randsuffix[9];
361 /* no cache activated */
364 /* if no new name is given, use the one we stored from the load */
365 if(!file && h->filename)
368 if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
369 /* marked as read-only, no file or zero length file name */
372 if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
373 return CURLE_FAILED_INIT;
375 tempstore = aprintf("%s.%s.tmp", file, randsuffix);
377 return CURLE_OUT_OF_MEMORY;
379 out = fopen(tempstore, FOPEN_WRITETEXT);
381 result = CURLE_WRITE_ERROR;
383 fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
384 "# This file was generated by libcurl! Edit at your own risk.\n",
386 for(e = h->list.head; e; e = n) {
387 struct stsentry *sts = e->ptr;
389 result = hsts_out(sts, out);
394 if(!result && Curl_rename(tempstore, file))
395 result = CURLE_WRITE_ERROR;
402 if(data->set.hsts_write) {
403 /* if there's a write callback */
404 struct curl_index i; /* count */
405 i.total = h->list.size;
407 for(e = h->list.head; e; e = n) {
408 struct stsentry *sts = e->ptr;
411 result = hsts_push(data, &i, sts, &stop);
420 /* only returns SERIOUS errors */
421 static CURLcode hsts_add(struct hsts *h, char *line)
424 example.com "20191231 10:00:00"
425 .example.net "20191231 10:00:00"
427 char host[MAX_HSTS_HOSTLEN + 1];
428 char date[MAX_HSTS_DATELEN + 1];
432 "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
435 time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
439 bool subdomain = FALSE;
444 result = hsts_create(h, p, subdomain, expires);
453 * Load HSTS data from callback.
456 static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
458 /* if the HSTS read callback is set, use it */
459 if(data->set.hsts_read) {
463 char buffer[MAX_HSTS_HOSTLEN + 1];
464 struct curl_hstsentry e;
466 e.namelen = sizeof(buffer)-1;
467 e.includeSubDomains = FALSE; /* default */
469 e.name[0] = 0; /* just to make it clean */
470 sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
471 if(sc == CURLSTS_OK) {
475 /* bail out if no name was stored */
476 return CURLE_BAD_FUNCTION_ARGUMENT;
478 expires = Curl_getdate_capped(e.expire);
480 expires = TIME_T_MAX; /* the end of time */
481 result = hsts_create(h, e.name,
482 /* bitfield to bool conversion: */
483 e.includeSubDomains ? TRUE : FALSE,
488 else if(sc == CURLSTS_FAIL)
489 return CURLE_ABORTED_BY_CALLBACK;
490 } while(sc == CURLSTS_OK);
496 * Load the HSTS cache from the given file. The text based line-oriented file
497 * format is documented here:
498 * https://github.com/curl/curl/wiki/HSTS
500 * This function only returns error on major problems that prevent hsts
501 * handling to work completely. It will ignore individual syntactical errors
504 static CURLcode hsts_load(struct hsts *h, const char *file)
506 CURLcode result = CURLE_OK;
510 /* we need a private copy of the file name so that the hsts cache file
511 name survives an easy handle reset */
513 h->filename = strdup(file);
515 return CURLE_OUT_OF_MEMORY;
517 fp = fopen(file, FOPEN_READTEXT);
519 line = malloc(MAX_HSTS_LINE);
522 while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
523 char *lineptr = line;
524 while(*lineptr && ISBLANK(*lineptr))
527 /* skip commented lines */
530 hsts_add(h, lineptr);
532 free(line); /* free the line buffer */
538 Curl_safefree(h->filename);
540 return CURLE_OUT_OF_MEMORY;
544 * Curl_hsts_loadfile() loads HSTS from file
546 CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
547 struct hsts *h, const char *file)
551 return hsts_load(h, file);
555 * Curl_hsts_loadcb() loads HSTS from callback
557 CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
560 return hsts_pull(data, h);
564 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */