projects / platform / upstream / libwebsockets.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
URIPS_ARGUMENTS is redundant
[platform/upstream/libwebsockets.git] / lib / parsers.c
1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010-2013 Andy Green <andy@warmcat.com>
5  *
6  *  This library is free software; you can redistribute it and/or
7  *  modify it under the terms of the GNU Lesser General Public
8  *  License as published by the Free Software Foundation:
9  *  version 2.1 of the License.
10  *
11  *  This library is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  *  Lesser General Public License for more details.
15  *
16  *  You should have received a copy of the GNU Lesser General Public
17  *  License along with this library; if not, write to the Free Software
18  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
19  *  MA  02110-1301  USA
20  */
21
22 #include "private-libwebsockets.h"
23
24 unsigned char lextable[] = {
25         #include "lextable.h"
26 };
27
28 #define FAIL_CHAR 0x08
29
30 int lextable_decode(int pos, char c)
31 {
32         c = tolower(c);
33
34         while (1) {
35                 if (lextable[pos] & (1 << 7)) { /* 1-byte, fail on mismatch */
36                         if ((lextable[pos] & 0x7f) != c)
37                                 return -1;
38                         /* fall thru */
39                         pos++;
40                         if (lextable[pos] == FAIL_CHAR)
41                                 return -1;
42                         return pos;
43                 }
44
45                 if (lextable[pos] == FAIL_CHAR)
46                         return -1;
47
48                 /* b7 = 0, end or 3-byte */
49                 if (lextable[pos] < FAIL_CHAR) /* terminal marker */
50                         return pos;
51
52                 if (lextable[pos] == c) /* goto */
53                         return pos + (lextable[pos + 1]) +
54                                                 (lextable[pos + 2] << 8);
55                 /* fall thru goto */
56                 pos += 3;
57                 /* continue */
58         }
59 }
60
61 int lws_allocate_header_table(struct lws *wsi)
62 {
63         /* Be sure to free any existing header data to avoid mem leak: */
64         lws_free_header_table(wsi);
65         wsi->u.hdr.ah = lws_malloc(sizeof(*wsi->u.hdr.ah));
66         if (wsi->u.hdr.ah == NULL) {
67                 lwsl_err("Out of memory\n");
68                 return -1;
69         }
70         memset(wsi->u.hdr.ah->frag_index, 0, sizeof(wsi->u.hdr.ah->frag_index));
71         wsi->u.hdr.ah->nfrag = 0;
72         wsi->u.hdr.ah->pos = 0;
73
74         return 0;
75 }
76
77 int lws_free_header_table(struct lws *wsi)
78 {
79         lws_free2(wsi->u.hdr.ah);
80         wsi->u.hdr.ah = NULL;
81         return 0;
82 };
83
84 LWS_VISIBLE int lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h)
85 {
86         int n;
87         int len = 0;
88
89         n = wsi->u.hdr.ah->frag_index[h];
90         if (!n)
91                 return 0;
92         do {
93                 len += wsi->u.hdr.ah->frags[n].len;
94                 n = wsi->u.hdr.ah->frags[n].nfrag;
95         } while (n);
96
97         return len;
98 }
99
100 LWS_VISIBLE int lws_hdr_copy_fragment(struct lws *wsi, char *dst, int len,
101                                       enum lws_token_indexes h, int frag_idx)
102 {
103         int n = 0;
104         int f = wsi->u.hdr.ah->frag_index[h];
105
106         while (n < frag_idx) {
107                 f = wsi->u.hdr.ah->frags[f].nfrag;
108                 if (!f)
109                         return -1;
110                 n++;
111         }
112
113         if (wsi->u.hdr.ah->frags[f].len >= (len - 1))
114                 return -1;
115
116         memcpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[f].offset],
117                wsi->u.hdr.ah->frags[f].len);
118         dst[wsi->u.hdr.ah->frags[f].len] = '\0';
119
120         return wsi->u.hdr.ah->frags[f].len;
121 }
122
123 LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len,
124                              enum lws_token_indexes h)
125 {
126         int toklen = lws_hdr_total_length(wsi, h);
127         int n;
128
129         if (toklen >= len)
130                 return -1;
131
132         n = wsi->u.hdr.ah->frag_index[h];
133         if (!n)
134                 return 0;
135
136         do {
137                 strcpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]);
138                 dst += wsi->u.hdr.ah->frags[n].len;
139                 n = wsi->u.hdr.ah->frags[n].nfrag;
140         } while (n);
141
142         return toklen;
143 }
144
145 char *lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h)
146 {
147         int n;
148
149         n = wsi->u.hdr.ah->frag_index[h];
150         if (!n)
151                 return NULL;
152
153         return &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset];
154 }
155
156 int lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h,
157                           const char *s)
158 {
159         wsi->u.hdr.ah->nfrag++;
160         if (wsi->u.hdr.ah->nfrag == ARRAY_SIZE(wsi->u.hdr.ah->frags)) {
161                 lwsl_warn("More hdr frags than we can deal with, dropping\n");
162                 return -1;
163         }
164
165         wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->nfrag;
166
167         wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].offset = wsi->u.hdr.ah->pos;
168         wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len = 0;
169         wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].nfrag = 0;
170
171         do {
172                 if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) {
173                         lwsl_err("Ran out of header data space\n");
174                         return -1;
175                 }
176                 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s;
177                 if (*s)
178                         wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
179         } while (*s++);
180
181         return 0;
182 }
183
184 static signed char char_to_hex(const char c)
185 {
186         if (c >= '0' && c <= '9')
187                 return c - '0';
188
189         if (c >= 'a' && c <= 'f')
190                 return c - 'a' + 10;
191
192         if (c >= 'A' && c <= 'F')
193                 return c - 'A' + 10;
194
195         return -1;
196 }
197
198 static int issue_char(struct lws *wsi, unsigned char c)
199 {
200         unsigned short frag_len;
201
202         if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) {
203                 lwsl_warn("excessive header content\n");
204                 return -1;
205         }
206
207         frag_len = wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len;
208         /*
209          * If we haven't hit the token limit, just copy the character into
210          * the header
211          */
212         if (frag_len < wsi->u.hdr.current_token_limit) {
213                 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c;
214                 if (c)
215                         wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
216                 return 0;
217         }
218
219         /* Insert a null character when we *hit* the limit: */
220         if (frag_len == wsi->u.hdr.current_token_limit) {
221                 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
222                 lwsl_warn("header %i exceeds limit\n",
223                           wsi->u.hdr.parser_state);
224         }
225
226         return 1;
227 }
228
229 int lws_parse(struct lws *wsi, unsigned char c)
230 {
231         static const unsigned char methods[] = {
232                 WSI_TOKEN_GET_URI,
233                 WSI_TOKEN_POST_URI,
234                 WSI_TOKEN_OPTIONS_URI,
235                 WSI_TOKEN_PUT_URI,
236                 WSI_TOKEN_PATCH_URI,
237                 WSI_TOKEN_DELETE_URI,
238         };
239         struct allocated_headers *ah = wsi->u.hdr.ah;
240         struct lws_context *context = wsi->context;
241         unsigned int n, m, enc = 0;
242
243         switch (wsi->u.hdr.parser_state) {
244         default:
245
246                 lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c);
247
248                 /* collect into malloc'd buffers */
249                 /* optional initial space swallow */
250                 if (!ah->frags[ah->frag_index[
251                                       wsi->u.hdr.parser_state]].len && c == ' ')
252                         break;
253
254                 for (m = 0; m < ARRAY_SIZE(methods); m++)
255                         if (wsi->u.hdr.parser_state == methods[m])
256                                 break;
257                 if (m == ARRAY_SIZE(methods))
258                         /* it was not any of the methods */
259                         goto check_eol;
260
261                 /* special URI processing... end at space */
262
263                 if (c == ' ') {
264                         /* enforce starting with / */
265                         if (!ah->frags[ah->nfrag].len)
266                                 if (issue_char(wsi, '/') < 0)
267                                         return -1;
268
269                         /* begin parsing HTTP version: */
270                         if (issue_char(wsi, '\0') < 0)
271                                 return -1;
272                         wsi->u.hdr.parser_state = WSI_TOKEN_HTTP;
273                         goto start_fragment;
274                 }
275
276                 /* special URI processing... convert %xx */
277
278                 switch (wsi->u.hdr.ues) {
279                 case URIES_IDLE:
280                         if (c == '%') {
281                                 wsi->u.hdr.ues = URIES_SEEN_PERCENT;
282                                 goto swallow;
283                         }
284                         break;
285                 case URIES_SEEN_PERCENT:
286                         if (char_to_hex(c) < 0) {
287                                 /* regurgitate */
288                                 if (issue_char(wsi, '%') < 0)
289                                         return -1;
290                                 wsi->u.hdr.ues = URIES_IDLE;
291                                 /* continue on to assess c */
292                                 break;
293                         }
294                         wsi->u.hdr.esc_stash = c;
295                         wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1;
296                         goto swallow;
297
298                 case URIES_SEEN_PERCENT_H1:
299                         if (char_to_hex(c) < 0) {
300                                 /* regurgitate */
301                                 issue_char(wsi, '%');
302                                 wsi->u.hdr.ues = URIES_IDLE;
303                                 /* regurgitate + assess */
304                                 if (lws_parse(wsi, wsi->u.hdr.esc_stash) < 0)
305                                         return -1;
306                                 /* continue on to assess c */
307                                 break;
308                         }
309                         c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) |
310                                         char_to_hex(c);
311                         enc = 1;
312                         wsi->u.hdr.ues = URIES_IDLE;
313                         break;
314                 }
315
316                 /*
317                  * special URI processing...
318                  *  convert /.. or /... or /../ etc to /
319                  *  convert /./ to /
320                  *  convert // or /// etc to /
321                  *  leave /.dir or whatever alone
322                  */
323
324                 switch (wsi->u.hdr.ups) {
325                 case URIPS_IDLE:
326                         /* issue the first / always */
327                         if (c == '/')
328                                 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
329                         break;
330                 case URIPS_SEEN_SLASH:
331                         /* swallow subsequent slashes */
332                         if (c == '/')
333                                 goto swallow;
334                         /* track and swallow the first . after / */
335                         if (c == '.') {
336                                 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT;
337                                 goto swallow;
338                         }
339                         wsi->u.hdr.ups = URIPS_IDLE;
340                         break;
341                 case URIPS_SEEN_SLASH_DOT:
342                         /* swallow second . */
343                         if (c == '.') {
344                                 /*
345                                  * back up one dir level if possible
346                                  * safe against header fragmentation because
347                                  * the method URI can only be in 1 fragment
348                                  */
349                                 if (ah->frags[ah->nfrag].len > 2) {
350                                         ah->pos--;
351                                         ah->frags[ah->nfrag].len--;
352                                         do {
353                                                 ah->pos--;
354                                                 ah->frags[ah->nfrag].len--;
355                                         } while (ah->frags[ah->nfrag].len > 1 &&
356                                                  ah->data[ah->pos] != '/');
357                                 }
358                                 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT;
359                                 goto swallow;
360                         }
361                         /* change /./ to / */
362                         if (c == '/') {
363                                 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
364                                 goto swallow;
365                         }
366                         /* it was like /.dir ... regurgitate the . */
367                         wsi->u.hdr.ups = URIPS_IDLE;
368                         issue_char(wsi, '.');
369                         break;
370
371                 case URIPS_SEEN_SLASH_DOT_DOT:
372                         /* swallow prior .. chars and any subsequent . */
373                         if (c == '.')
374                                 goto swallow;
375                         /* last issued was /, so another / == // */
376                         if (c == '/')
377                                 goto swallow;
378                         /* last we issued was / so SEEN_SLASH */
379                         wsi->u.hdr.ups = URIPS_SEEN_SLASH;
380                         break;
381                 }
382
383                 if (c == '?' && !enc) { /* start of URI arguments */
384                         /* seal off uri header */
385                         ah->data[ah->pos++] = '\0';
386
387                         /* move to using WSI_TOKEN_HTTP_URI_ARGS */
388                         ah->nfrag++;
389                         ah->frags[ah->nfrag].offset = ah->pos;
390                         ah->frags[ah->nfrag].len = 0;
391                         ah->frags[ah->nfrag].nfrag = 0;
392
393                         ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = ah->nfrag;
394
395                         /* defeat normal uri path processing */
396                         wsi->u.hdr.ups = URIPS_IDLE;
397                         goto swallow;
398                 }
399
400 check_eol:
401
402                 /* bail at EOL */
403                 if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE &&
404                                                                   c == '\x0d') {
405                         c = '\0';
406                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
407                         lwsl_parser("*\n");
408                 }
409
410                 n = issue_char(wsi, c);
411                 if ((int)n < 0)
412                         return -1;
413                 if (n > 0)
414                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
415
416 swallow:
417                 /* per-protocol end of headers management */
418
419                 if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
420                         goto set_parsing_complete;
421                 break;
422
423                 /* collecting and checking a name part */
424         case WSI_TOKEN_NAME_PART:
425                 lwsl_parser("WSI_TOKEN_NAME_PART '%c' (mode=%d)\n", c, wsi->mode);
426
427                 wsi->u.hdr.lextable_pos =
428                                 lextable_decode(wsi->u.hdr.lextable_pos, c);
429                 /*
430                  * Server needs to look out for unknown methods...
431                  */
432                 if (wsi->u.hdr.lextable_pos < 0 &&
433                     wsi->mode == LWS_CONNMODE_HTTP_SERVING) {
434                         /* this is not a header we know about */
435                         for (m = 0; m < ARRAY_SIZE(methods); m++)
436                                 if (ah->frag_index[methods[m]]) {
437                                         /*
438                                          * already had the method, no idea what
439                                          * this crap from the client is, ignore
440                                          */
441                                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
442                                         break;
443                                 }
444                         /*
445                          * hm it's an unknown http method from a client in fact,
446                          * treat as dangerous
447                          */
448                         if (m == ARRAY_SIZE(methods)) {
449                                 lwsl_info("Unknown method - dropping\n");
450                                 return -1;
451                         }
452                         break;
453                 }
454                 /*
455                  * ...otherwise for a client, let him ignore unknown headers
456                  * coming from the server
457                  */
458                 if (wsi->u.hdr.lextable_pos < 0) {
459                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
460                         break;
461                 }
462
463                 if (lextable[wsi->u.hdr.lextable_pos] < FAIL_CHAR) {
464                         /* terminal state */
465
466                         n = ((unsigned int)lextable[wsi->u.hdr.lextable_pos] << 8) |
467                                         lextable[wsi->u.hdr.lextable_pos + 1];
468
469                         lwsl_parser("known hdr %d\n", n);
470                         for (m = 0; m < ARRAY_SIZE(methods); m++)
471                                 if (n == methods[m] &&
472                                                 ah->frag_index[
473                                                         methods[m]]) {
474                                         lwsl_warn("Duplicated method\n");
475                                         return -1;
476                                 }
477
478                         /*
479                          * WSORIGIN is protocol equiv to ORIGIN,
480                          * JWebSocket likes to send it, map to ORIGIN
481                          */
482                         if (n == WSI_TOKEN_SWORIGIN)
483                                 n = WSI_TOKEN_ORIGIN;
484
485                         wsi->u.hdr.parser_state = (enum lws_token_indexes)
486                                                         (WSI_TOKEN_GET_URI + n);
487
488                         if (context->token_limits)
489                                 wsi->u.hdr.current_token_limit =
490                                         context->token_limits->token_limit[
491                                                        wsi->u.hdr.parser_state];
492                         else
493                                 wsi->u.hdr.current_token_limit = sizeof(ah->data);
494
495                         if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
496                                 goto set_parsing_complete;
497
498                         goto start_fragment;
499                 }
500                 break;
501
502 start_fragment:
503                 ah->nfrag++;
504                 if (ah->nfrag == ARRAY_SIZE(ah->frags)) {
505                         lwsl_warn("More hdr frags than we can deal with\n");
506                         return -1;
507                 }
508
509                 ah->frags[ah->nfrag].offset = ah->pos;
510                 ah->frags[ah->nfrag].len = 0;
511                 ah->frags[ ah->nfrag].nfrag = 0;
512
513                 n = ah->frag_index[wsi->u.hdr.parser_state];
514                 if (!n) { /* first fragment */
515                         ah->frag_index[wsi->u.hdr.parser_state] = ah->nfrag;
516                         break;
517                 }
518                 /* continuation */
519                 while (ah->frags[n].nfrag)
520                                 n = ah->frags[n].nfrag;
521                 ah->frags[n].nfrag = ah->nfrag;
522
523                 if (ah->pos == sizeof(ah->data)) {
524                         lwsl_warn("excessive header content\n");
525                         return -1;
526                 }
527
528                 ah->data[ah->pos++] = ' ';
529                 ah->frags[ah->nfrag].len++;
530                 break;
531
532                 /* skipping arg part of a name we didn't recognize */
533         case WSI_TOKEN_SKIPPING:
534                 lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c);
535
536                 if (c == '\x0d')
537                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
538                 break;
539
540         case WSI_TOKEN_SKIPPING_SAW_CR:
541                 lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c);
542                 if (c == '\x0a') {
543                         wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART;
544                         wsi->u.hdr.lextable_pos = 0;
545                 } else
546                         wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
547                 break;
548                 /* we're done, ignore anything else */
549
550         case WSI_PARSING_COMPLETE:
551                 lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c);
552                 break;
553         }
554
555         return 0;
556
557 set_parsing_complete:
558
559         if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) {
560                 if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION))
561                         wsi->ietf_spec_revision =
562                                atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION));
563
564                 lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision);
565         }
566         wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE;
567         wsi->hdr_parsing_completed = 1;
568
569         return 0;
570 }
571
572
573 /**
574  * lws_frame_is_binary: true if the current frame was sent in binary mode
575  *
576  * @wsi: the connection we are inquiring about
577  *
578  * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if
579  * it's interested to see if the frame it's dealing with was sent in binary
580  * mode.
581  */
582
583 LWS_VISIBLE int lws_frame_is_binary(struct lws *wsi)
584 {
585         return wsi->u.ws.frame_is_binary;
586 }
587
588 int
589 lws_rx_sm(struct lws *wsi, unsigned char c)
590 {
591         struct lws_tokens eff_buf;
592         int ret = 0;
593         int callback_action = LWS_CALLBACK_RECEIVE;
594
595         switch (wsi->lws_rx_parse_state) {
596         case LWS_RXPS_NEW:
597
598                 switch (wsi->ietf_spec_revision) {
599                 case 13:
600                         /*
601                          * no prepended frame key any more
602                          */
603                         wsi->u.ws.all_zero_nonce = 1;
604                         goto handle_first;
605
606                 default:
607                         lwsl_warn("lws_rx_sm: unknown spec version %d\n",
608                                                        wsi->ietf_spec_revision);
609                         break;
610                 }
611                 break;
612         case LWS_RXPS_04_MASK_NONCE_1:
613                 wsi->u.ws.frame_masking_nonce_04[1] = c;
614                 if (c)
615                         wsi->u.ws.all_zero_nonce = 0;
616                 wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_2;
617                 break;
618         case LWS_RXPS_04_MASK_NONCE_2:
619                 wsi->u.ws.frame_masking_nonce_04[2] = c;
620                 if (c)
621                         wsi->u.ws.all_zero_nonce = 0;
622                 wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_3;
623                 break;
624         case LWS_RXPS_04_MASK_NONCE_3:
625                 wsi->u.ws.frame_masking_nonce_04[3] = c;
626                 if (c)
627                         wsi->u.ws.all_zero_nonce = 0;
628
629                 /*
630                  * start from the zero'th byte in the XOR key buffer since
631                  * this is the start of a frame with a new key
632                  */
633
634                 wsi->u.ws.frame_mask_index = 0;
635
636                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1;
637                 break;
638
639         /*
640          *  04 logical framing from the spec (all this is masked when incoming
641          *  and has to be unmasked)
642          *
643          * We ignore the possibility of extension data because we don't
644          * negotiate any extensions at the moment.
645          *
646          *    0                   1                   2                   3
647          *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
648          *   +-+-+-+-+-------+-+-------------+-------------------------------+
649          *   |F|R|R|R| opcode|R| Payload len |    Extended payload length    |
650          *   |I|S|S|S|  (4)  |S|     (7)     |             (16/63)           |
651          *   |N|V|V|V|       |V|             |   (if payload len==126/127)   |
652          *   | |1|2|3|       |4|             |                               |
653          *   +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
654          *   |     Extended payload length continued, if payload len == 127  |
655          *   + - - - - - - - - - - - - - - - +-------------------------------+
656          *   |                               |         Extension data        |
657          *   +-------------------------------+ - - - - - - - - - - - - - - - +
658          *   :                                                               :
659          *   +---------------------------------------------------------------+
660          *   :                       Application data                        :
661          *   +---------------------------------------------------------------+
662          *
663          *  We pass payload through to userland as soon as we get it, ignoring
664          *  FIN.  It's up to userland to buffer it up if it wants to see a
665          *  whole unfragmented block of the original size (which may be up to
666          *  2^63 long!)
667          */
668
669         case LWS_RXPS_04_FRAME_HDR_1:
670 handle_first:
671
672                 wsi->u.ws.opcode = c & 0xf;
673                 wsi->u.ws.rsv = c & 0x70;
674                 wsi->u.ws.final = !!((c >> 7) & 1);
675
676                 switch (wsi->u.ws.opcode) {
677                 case LWS_WS_OPCODE_07__TEXT_FRAME:
678                 case LWS_WS_OPCODE_07__BINARY_FRAME:
679                         wsi->u.ws.frame_is_binary =
680                              wsi->u.ws.opcode == LWS_WS_OPCODE_07__BINARY_FRAME;
681                         break;
682                 }
683                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN;
684                 break;
685
686         case LWS_RXPS_04_FRAME_HDR_LEN:
687
688                 wsi->u.ws.this_frame_masked = !!(c & 0x80);
689
690                 switch (c & 0x7f) {
691                 case 126:
692                         /* control frames are not allowed to have big lengths */
693                         if (wsi->u.ws.opcode & 8)
694                                 goto illegal_ctl_length;
695
696                         wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2;
697                         break;
698                 case 127:
699                         /* control frames are not allowed to have big lengths */
700                         if (wsi->u.ws.opcode & 8)
701                                 goto illegal_ctl_length;
702
703                         wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8;
704                         break;
705                 default:
706                         wsi->u.ws.rx_packet_length = c & 0x7f;
707                         if (wsi->u.ws.this_frame_masked)
708                                 wsi->lws_rx_parse_state =
709                                                 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
710                         else
711                                 if (wsi->u.ws.rx_packet_length)
712                                         wsi->lws_rx_parse_state =
713                                         LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
714                                 else {
715                                         wsi->lws_rx_parse_state = LWS_RXPS_NEW;
716                                         goto spill;
717                                 }
718                         break;
719                 }
720                 break;
721
722         case LWS_RXPS_04_FRAME_HDR_LEN16_2:
723                 wsi->u.ws.rx_packet_length = c << 8;
724                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1;
725                 break;
726
727         case LWS_RXPS_04_FRAME_HDR_LEN16_1:
728                 wsi->u.ws.rx_packet_length |= c;
729                 if (wsi->u.ws.this_frame_masked)
730                         wsi->lws_rx_parse_state =
731                                         LWS_RXPS_07_COLLECT_FRAME_KEY_1;
732                 else
733                         wsi->lws_rx_parse_state =
734                                 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
735                 break;
736
737         case LWS_RXPS_04_FRAME_HDR_LEN64_8:
738                 if (c & 0x80) {
739                         lwsl_warn("b63 of length must be zero\n");
740                         /* kill the connection */
741                         return -1;
742                 }
743 #if defined __LP64__
744                 wsi->u.ws.rx_packet_length = ((size_t)c) << 56;
745 #else
746                 wsi->u.ws.rx_packet_length = 0;
747 #endif
748                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7;
749                 break;
750
751         case LWS_RXPS_04_FRAME_HDR_LEN64_7:
752 #if defined __LP64__
753                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 48;
754 #endif
755                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6;
756                 break;
757
758         case LWS_RXPS_04_FRAME_HDR_LEN64_6:
759 #if defined __LP64__
760                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 40;
761 #endif
762                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5;
763                 break;
764
765         case LWS_RXPS_04_FRAME_HDR_LEN64_5:
766 #if defined __LP64__
767                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 32;
768 #endif
769                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4;
770                 break;
771
772         case LWS_RXPS_04_FRAME_HDR_LEN64_4:
773                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 24;
774                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3;
775                 break;
776
777         case LWS_RXPS_04_FRAME_HDR_LEN64_3:
778                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 16;
779                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2;
780                 break;
781
782         case LWS_RXPS_04_FRAME_HDR_LEN64_2:
783                 wsi->u.ws.rx_packet_length |= ((size_t)c) << 8;
784                 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1;
785                 break;
786
787         case LWS_RXPS_04_FRAME_HDR_LEN64_1:
788                 wsi->u.ws.rx_packet_length |= ((size_t)c);
789                 if (wsi->u.ws.this_frame_masked)
790                         wsi->lws_rx_parse_state =
791                                         LWS_RXPS_07_COLLECT_FRAME_KEY_1;
792                 else
793                         wsi->lws_rx_parse_state =
794                                 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
795                 break;
796
797         case LWS_RXPS_07_COLLECT_FRAME_KEY_1:
798                 wsi->u.ws.frame_masking_nonce_04[0] = c;
799                 if (c)
800                         wsi->u.ws.all_zero_nonce = 0;
801                 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2;
802                 break;
803
804         case LWS_RXPS_07_COLLECT_FRAME_KEY_2:
805                 wsi->u.ws.frame_masking_nonce_04[1] = c;
806                 if (c)
807                         wsi->u.ws.all_zero_nonce = 0;
808                 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3;
809                 break;
810
811         case LWS_RXPS_07_COLLECT_FRAME_KEY_3:
812                 wsi->u.ws.frame_masking_nonce_04[2] = c;
813                 if (c)
814                         wsi->u.ws.all_zero_nonce = 0;
815                 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4;
816                 break;
817
818         case LWS_RXPS_07_COLLECT_FRAME_KEY_4:
819                 wsi->u.ws.frame_masking_nonce_04[3] = c;
820                 if (c)
821                         wsi->u.ws.all_zero_nonce = 0;
822                 wsi->lws_rx_parse_state =
823                                         LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
824                 wsi->u.ws.frame_mask_index = 0;
825                 if (wsi->u.ws.rx_packet_length == 0) {
826                         wsi->lws_rx_parse_state = LWS_RXPS_NEW;
827                         goto spill;
828                 }
829                 break;
830
831
832         case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED:
833
834                 if (!wsi->u.ws.rx_user_buffer) {
835                         lwsl_err("NULL user buffer...\n");
836                         return 1;
837                 }
838
839                 if (wsi->u.ws.all_zero_nonce)
840                         wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING +
841                                (wsi->u.ws.rx_user_buffer_head++)] = c;
842                 else
843                         wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING +
844                                (wsi->u.ws.rx_user_buffer_head++)] =
845                                    c ^ wsi->u.ws.frame_masking_nonce_04[
846                                             (wsi->u.ws.frame_mask_index++) & 3];
847
848                 if (--wsi->u.ws.rx_packet_length == 0) {
849                         /* spill because we have the whole frame */
850                         wsi->lws_rx_parse_state = LWS_RXPS_NEW;
851                         goto spill;
852                 }
853
854                 /*
855                  * if there's no protocol max frame size given, we are
856                  * supposed to default to LWS_MAX_SOCKET_IO_BUF
857                  */
858
859                 if (!wsi->protocol->rx_buffer_size &&
860                                         wsi->u.ws.rx_user_buffer_head !=
861                                                           LWS_MAX_SOCKET_IO_BUF)
862                         break;
863                 else
864                         if (wsi->protocol->rx_buffer_size &&
865                                         wsi->u.ws.rx_user_buffer_head !=
866                                                   wsi->protocol->rx_buffer_size)
867                         break;
868
869                 /* spill because we filled our rx buffer */
870 spill:
871                 /*
872                  * is this frame a control packet we should take care of at this
873                  * layer?  If so service it and hide it from the user callback
874                  */
875
876                 lwsl_parser("spill on %s\n", wsi->protocol->name);
877
878                 switch (wsi->u.ws.opcode) {
879                 case LWS_WS_OPCODE_07__CLOSE:
880                         /* is this an acknowledgement of our close? */
881                         if (wsi->state == WSI_STATE_AWAITING_CLOSE_ACK) {
882                                 /*
883                                  * fine he has told us he is closing too, let's
884                                  * finish our close
885                                  */
886                                 lwsl_parser("seen client close ack\n");
887                                 return -1;
888                         }
889                         if (wsi->state == WSI_STATE_RETURNED_CLOSE_ALREADY)
890                                 /* if he sends us 2 CLOSE, kill him */
891                                 return -1;
892
893                         lwsl_parser("server sees client close packet\n");
894                         wsi->state = WSI_STATE_RETURNED_CLOSE_ALREADY;
895                         /* deal with the close packet contents as a PONG */
896                         wsi->u.ws.payload_is_close = 1;
897                         goto process_as_ping;
898
899                 case LWS_WS_OPCODE_07__PING:
900                         lwsl_info("received %d byte ping, sending pong\n",
901                                                  wsi->u.ws.rx_user_buffer_head);
902
903                         if (wsi->u.ws.ping_pending_flag) {
904                                 /*
905                                  * there is already a pending ping payload
906                                  * we should just log and drop
907                                  */
908                                 lwsl_parser("DROP PING since one pending\n");
909                                 goto ping_drop;
910                         }
911 process_as_ping:
912                         /* control packets can only be < 128 bytes long */
913                         if (wsi->u.ws.rx_user_buffer_head > 128 - 4) {
914                                 lwsl_parser("DROP PING payload too large\n");
915                                 goto ping_drop;
916                         }
917
918                         /* if existing buffer is too small, drop it */
919                         if (wsi->u.ws.ping_payload_buf &&
920                             wsi->u.ws.ping_payload_alloc < wsi->u.ws.rx_user_buffer_head) {
921                                 lws_free2(wsi->u.ws.ping_payload_buf);
922                         }
923
924                         /* if no buffer, allocate it */
925                         if (!wsi->u.ws.ping_payload_buf) {
926                                 wsi->u.ws.ping_payload_buf = lws_malloc(wsi->u.ws.rx_user_buffer_head
927                                                                         + LWS_SEND_BUFFER_PRE_PADDING);
928                                 wsi->u.ws.ping_payload_alloc = wsi->u.ws.rx_user_buffer_head;
929                         }
930
931                         /* stash the pong payload */
932                         memcpy(wsi->u.ws.ping_payload_buf + LWS_SEND_BUFFER_PRE_PADDING,
933                                &wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING],
934                                 wsi->u.ws.rx_user_buffer_head);
935
936                         wsi->u.ws.ping_payload_len = wsi->u.ws.rx_user_buffer_head;
937                         wsi->u.ws.ping_pending_flag = 1;
938
939                         /* get it sent as soon as possible */
940                         lws_callback_on_writable(lws_get_ctx(wsi), wsi);
941 ping_drop:
942                         wsi->u.ws.rx_user_buffer_head = 0;
943                         return 0;
944
945                 case LWS_WS_OPCODE_07__PONG:
946                         lwsl_info("received pong\n");
947                         lwsl_hexdump(&wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING],
948                                      wsi->u.ws.rx_user_buffer_head);
949
950                         /* issue it */
951                         callback_action = LWS_CALLBACK_RECEIVE_PONG;
952                         break;
953
954                 case LWS_WS_OPCODE_07__TEXT_FRAME:
955                 case LWS_WS_OPCODE_07__BINARY_FRAME:
956                 case LWS_WS_OPCODE_07__CONTINUATION:
957                         break;
958
959                 default:
960                         lwsl_parser("passing opc %x up to exts\n",
961                                                         wsi->u.ws.opcode);
962                         /*
963                          * It's something special we can't understand here.
964                          * Pass the payload up to the extension's parsing
965                          * state machine.
966                          */
967
968                         eff_buf.token = &wsi->u.ws.rx_user_buffer[
969                                                    LWS_SEND_BUFFER_PRE_PADDING];
970                         eff_buf.token_len = wsi->u.ws.rx_user_buffer_head;
971
972                         if (lws_ext_callback_for_each_active(wsi,
973                                 LWS_EXT_CALLBACK_EXTENDED_PAYLOAD_RX,
974                                         &eff_buf, 0) <= 0) /* not handle or fail */
975                                 lwsl_ext("ext opc opcode 0x%x unknown\n",
976                                                               wsi->u.ws.opcode);
977
978                         wsi->u.ws.rx_user_buffer_head = 0;
979                         return 0;
980                 }
981
982                 /*
983                  * No it's real payload, pass it up to the user callback.
984                  * It's nicely buffered with the pre-padding taken care of
985                  * so it can be sent straight out again using lws_write
986                  */
987
988                 eff_buf.token = &wsi->u.ws.rx_user_buffer[
989                                                 LWS_SEND_BUFFER_PRE_PADDING];
990                 eff_buf.token_len = wsi->u.ws.rx_user_buffer_head;
991
992                 if (lws_ext_callback_for_each_active(wsi,
993                                 LWS_EXT_CALLBACK_PAYLOAD_RX, &eff_buf, 0) < 0)
994                         return -1;
995
996                 if (eff_buf.token_len > 0 ||
997                     callback_action == LWS_CALLBACK_RECEIVE_PONG) {
998                         eff_buf.token[eff_buf.token_len] = '\0';
999
1000                         if (wsi->protocol->callback) {
1001
1002                                 if (callback_action == LWS_CALLBACK_RECEIVE_PONG)
1003                                     lwsl_info("Doing pong callback\n");
1004
1005                                 ret = user_callback_handle_rxflow(
1006                                                 wsi->protocol->callback,
1007                                                 lws_get_ctx(wsi),
1008                                                 wsi,
1009                                                 (enum lws_callback_reasons)callback_action,
1010                                                 wsi->user_space,
1011                                                 eff_buf.token,
1012                                                 eff_buf.token_len);
1013                         }
1014                         else
1015                                 lwsl_err("No callback on payload spill!\n");
1016                 }
1017
1018                 wsi->u.ws.rx_user_buffer_head = 0;
1019                 break;
1020         }
1021
1022         return ret;
1023
1024 illegal_ctl_length:
1025
1026         lwsl_warn("Control frame with xtended length is illegal\n");
1027         /* kill the connection */
1028         return -1;
1029 }
1030
1031
1032 /**
1033  * lws_remaining_packet_payload() - Bytes to come before "overall"
1034  *                                            rx packet is complete
1035  * @wsi:                Websocket instance (available from user callback)
1036  *
1037  *      This function is intended to be called from the callback if the
1038  *  user code is interested in "complete packets" from the client.
1039  *  libwebsockets just passes through payload as it comes and issues a buffer
1040  *  additionally when it hits a built-in limit.  The LWS_CALLBACK_RECEIVE
1041  *  callback handler can use this API to find out if the buffer it has just
1042  *  been given is the last piece of a "complete packet" from the client --
1043  *  when that is the case lws_remaining_packet_payload() will return
1044  *  0.
1045  *
1046  *  Many protocols won't care becuse their packets are always small.
1047  */
1048
1049 LWS_VISIBLE size_t
1050 lws_remaining_packet_payload(struct lws *wsi)
1051 {
1052         return wsi->u.ws.rx_packet_length;
1053 }
Domain: Network & Connectivity / Data Network;