1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/http/http_stream_parser.h" 6 7 #include "base/bind.h" 8 #include "base/compiler_specific.h" 9 #include "base/strings/string_util.h" 10 #include "base/values.h" 11 #include "net/base/io_buffer.h" 12 #include "net/base/ip_endpoint.h" 13 #include "net/base/upload_data_stream.h" 14 #include "net/http/http_chunked_decoder.h" 15 #include "net/http/http_request_headers.h" 16 #include "net/http/http_request_info.h" 17 #include "net/http/http_response_headers.h" 18 #include "net/http/http_util.h" 19 #include "net/socket/client_socket_handle.h" 20 #include "net/socket/ssl_client_socket.h" 21 22 namespace { 23 24 const size_t kMaxMergedHeaderAndBodySize = 1400; 25 const size_t kRequestBodyBufferSize = 1 << 14; // 16KB 26 27 std::string GetResponseHeaderLines(const net::HttpResponseHeaders& headers) { 28 std::string raw_headers = headers.raw_headers(); 29 const char* null_separated_headers = raw_headers.c_str(); 30 const char* header_line = null_separated_headers; 31 std::string cr_separated_headers; 32 while (header_line[0] != 0) { 33 cr_separated_headers += header_line; 34 cr_separated_headers += "\n"; 35 header_line += strlen(header_line) + 1; 36 } 37 return cr_separated_headers; 38 } 39 40 // Return true if |headers| contain multiple |field_name| fields with different 41 // values. 42 bool HeadersContainMultipleCopiesOfField( 43 const net::HttpResponseHeaders& headers, 44 const std::string& field_name) { 45 void* it = NULL; 46 std::string field_value; 47 if (!headers.EnumerateHeader(&it, field_name, &field_value)) 48 return false; 49 // There's at least one |field_name| header. Check if there are any more 50 // such headers, and if so, return true if they have different values. 51 std::string field_value2; 52 while (headers.EnumerateHeader(&it, field_name, &field_value2)) { 53 if (field_value != field_value2) 54 return true; 55 } 56 return false; 57 } 58 59 base::Value* NetLogSendRequestBodyCallback( 60 int length, 61 bool is_chunked, 62 bool did_merge, 63 net::NetLog::LogLevel /* log_level */) { 64 base::DictionaryValue* dict = new base::DictionaryValue(); 65 dict->SetInteger("length", length); 66 dict->SetBoolean("is_chunked", is_chunked); 67 dict->SetBoolean("did_merge", did_merge); 68 return dict; 69 } 70 71 } // namespace 72 73 namespace net { 74 75 // Similar to DrainableIOBuffer(), but this version comes with its own 76 // storage. The motivation is to avoid repeated allocations of 77 // DrainableIOBuffer. 78 // 79 // Example: 80 // 81 // scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024); 82 // // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0. 83 // // data() points to the beginning of the buffer. 84 // 85 // // Read() takes an IOBuffer. 86 // int bytes_read = some_reader->Read(buf, buf->capacity()); 87 // buf->DidAppend(bytes_read); 88 // // size() == BytesRemaining() == bytes_read. data() is unaffected. 89 // 90 // while (buf->BytesRemaining() > 0) { 91 // // Write() takes an IOBuffer. If it takes const char*, we could 92 /// // simply use the regular IOBuffer like buf->data() + offset. 93 // int bytes_written = Write(buf, buf->BytesRemaining()); 94 // buf->DidConsume(bytes_written); 95 // } 96 // // BytesRemaining() == 0. BytesConsumed() == size(). 97 // // data() points to the end of the consumed bytes (exclusive). 98 // 99 // // If you want to reuse the buffer, be sure to clear the buffer. 100 // buf->Clear(); 101 // // size() == BytesRemaining() == BytesConsumed() == 0. 102 // // data() points to the beginning of the buffer. 103 // 104 class HttpStreamParser::SeekableIOBuffer : public net::IOBuffer { 105 public: 106 explicit SeekableIOBuffer(int capacity) 107 : IOBuffer(capacity), 108 real_data_(data_), 109 capacity_(capacity), 110 size_(0), 111 used_(0) { 112 } 113 114 // DidConsume() changes the |data_| pointer so that |data_| always points 115 // to the first unconsumed byte. 116 void DidConsume(int bytes) { 117 SetOffset(used_ + bytes); 118 } 119 120 // Returns the number of unconsumed bytes. 121 int BytesRemaining() const { 122 return size_ - used_; 123 } 124 125 // Seeks to an arbitrary point in the buffer. The notion of bytes consumed 126 // and remaining are updated appropriately. 127 void SetOffset(int bytes) { 128 DCHECK_GE(bytes, 0); 129 DCHECK_LE(bytes, size_); 130 used_ = bytes; 131 data_ = real_data_ + used_; 132 } 133 134 // Called after data is added to the buffer. Adds |bytes| added to 135 // |size_|. data() is unaffected. 136 void DidAppend(int bytes) { 137 DCHECK_GE(bytes, 0); 138 DCHECK_GE(size_ + bytes, 0); 139 DCHECK_LE(size_ + bytes, capacity_); 140 size_ += bytes; 141 } 142 143 // Changes the logical size to 0, and the offset to 0. 144 void Clear() { 145 size_ = 0; 146 SetOffset(0); 147 } 148 149 // Returns the logical size of the buffer (i.e the number of bytes of data 150 // in the buffer). 151 int size() const { return size_; } 152 153 // Returns the capacity of the buffer. The capacity is the size used when 154 // the object is created. 155 int capacity() const { return capacity_; }; 156 157 private: 158 virtual ~SeekableIOBuffer() { 159 // data_ will be deleted in IOBuffer::~IOBuffer(). 160 data_ = real_data_; 161 } 162 163 char* real_data_; 164 const int capacity_; 165 int size_; 166 int used_; 167 }; 168 169 // 2 CRLFs + max of 8 hex chars. 170 const size_t HttpStreamParser::kChunkHeaderFooterSize = 12; 171 172 HttpStreamParser::HttpStreamParser(ClientSocketHandle* connection, 173 const HttpRequestInfo* request, 174 GrowableIOBuffer* read_buffer, 175 const BoundNetLog& net_log) 176 : io_state_(STATE_NONE), 177 request_(request), 178 request_headers_(NULL), 179 read_buf_(read_buffer), 180 read_buf_unused_offset_(0), 181 response_header_start_offset_(-1), 182 response_body_length_(-1), 183 response_body_read_(0), 184 user_read_buf_(NULL), 185 user_read_buf_len_(0), 186 connection_(connection), 187 net_log_(net_log), 188 sent_last_chunk_(false), 189 weak_ptr_factory_(this) { 190 io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete, 191 weak_ptr_factory_.GetWeakPtr()); 192 } 193 194 HttpStreamParser::~HttpStreamParser() { 195 } 196 197 int HttpStreamParser::SendRequest(const std::string& request_line, 198 const HttpRequestHeaders& headers, 199 HttpResponseInfo* response, 200 const CompletionCallback& callback) { 201 DCHECK_EQ(STATE_NONE, io_state_); 202 DCHECK(callback_.is_null()); 203 DCHECK(!callback.is_null()); 204 DCHECK(response); 205 206 net_log_.AddEvent( 207 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS, 208 base::Bind(&HttpRequestHeaders::NetLogCallback, 209 base::Unretained(&headers), 210 &request_line)); 211 212 DVLOG(1) << __FUNCTION__ << "()" 213 << " request_line = \"" << request_line << "\"" 214 << " headers = \"" << headers.ToString() << "\""; 215 response_ = response; 216 217 // Put the peer's IP address and port into the response. 218 IPEndPoint ip_endpoint; 219 int result = connection_->socket()->GetPeerAddress(&ip_endpoint); 220 if (result != OK) 221 return result; 222 response_->socket_address = HostPortPair::FromIPEndPoint(ip_endpoint); 223 224 std::string request = request_line + headers.ToString(); 225 226 if (request_->upload_data_stream != NULL) { 227 request_body_send_buf_ = new SeekableIOBuffer(kRequestBodyBufferSize); 228 if (request_->upload_data_stream->is_chunked()) { 229 // Read buffer is adjusted to guarantee that |request_body_send_buf_| is 230 // large enough to hold the encoded chunk. 231 request_body_read_buf_ = 232 new SeekableIOBuffer(kRequestBodyBufferSize - kChunkHeaderFooterSize); 233 } else { 234 // No need to encode request body, just send the raw data. 235 request_body_read_buf_ = request_body_send_buf_; 236 } 237 } 238 239 io_state_ = STATE_SENDING_HEADERS; 240 241 // If we have a small request body, then we'll merge with the headers into a 242 // single write. 243 bool did_merge = false; 244 if (ShouldMergeRequestHeadersAndBody(request, request_->upload_data_stream)) { 245 size_t merged_size = request.size() + request_->upload_data_stream->size(); 246 scoped_refptr<IOBuffer> merged_request_headers_and_body( 247 new IOBuffer(merged_size)); 248 // We'll repurpose |request_headers_| to store the merged headers and 249 // body. 250 request_headers_ = new DrainableIOBuffer( 251 merged_request_headers_and_body.get(), merged_size); 252 253 memcpy(request_headers_->data(), request.data(), request.size()); 254 request_headers_->DidConsume(request.size()); 255 256 size_t todo = request_->upload_data_stream->size(); 257 while (todo) { 258 int consumed = request_->upload_data_stream 259 ->Read(request_headers_.get(), todo, CompletionCallback()); 260 DCHECK_GT(consumed, 0); // Read() won't fail if not chunked. 261 request_headers_->DidConsume(consumed); 262 todo -= consumed; 263 } 264 DCHECK(request_->upload_data_stream->IsEOF()); 265 // Reset the offset, so the buffer can be read from the beginning. 266 request_headers_->SetOffset(0); 267 did_merge = true; 268 269 net_log_.AddEvent( 270 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY, 271 base::Bind(&NetLogSendRequestBodyCallback, 272 request_->upload_data_stream->size(), 273 false, /* not chunked */ 274 true /* merged */)); 275 } 276 277 if (!did_merge) { 278 // If we didn't merge the body with the headers, then |request_headers_| 279 // contains just the HTTP headers. 280 scoped_refptr<StringIOBuffer> headers_io_buf(new StringIOBuffer(request)); 281 request_headers_ = 282 new DrainableIOBuffer(headers_io_buf.get(), headers_io_buf->size()); 283 } 284 285 result = DoLoop(OK); 286 if (result == ERR_IO_PENDING) 287 callback_ = callback; 288 289 return result > 0 ? OK : result; 290 } 291 292 int HttpStreamParser::ReadResponseHeaders(const CompletionCallback& callback) { 293 DCHECK(io_state_ == STATE_REQUEST_SENT || io_state_ == STATE_DONE); 294 DCHECK(callback_.is_null()); 295 DCHECK(!callback.is_null()); 296 DCHECK_EQ(0, read_buf_unused_offset_); 297 298 // This function can be called with io_state_ == STATE_DONE if the 299 // connection is closed after seeing just a 1xx response code. 300 if (io_state_ == STATE_DONE) 301 return ERR_CONNECTION_CLOSED; 302 303 int result = OK; 304 io_state_ = STATE_READ_HEADERS; 305 306 if (read_buf_->offset() > 0) { 307 // Simulate the state where the data was just read from the socket. 308 result = read_buf_->offset(); 309 read_buf_->set_offset(0); 310 } 311 if (result > 0) 312 io_state_ = STATE_READ_HEADERS_COMPLETE; 313 314 result = DoLoop(result); 315 if (result == ERR_IO_PENDING) 316 callback_ = callback; 317 318 return result > 0 ? OK : result; 319 } 320 321 void HttpStreamParser::Close(bool not_reusable) { 322 if (not_reusable && connection_->socket()) 323 connection_->socket()->Disconnect(); 324 connection_->Reset(); 325 } 326 327 int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len, 328 const CompletionCallback& callback) { 329 DCHECK(io_state_ == STATE_BODY_PENDING || io_state_ == STATE_DONE); 330 DCHECK(callback_.is_null()); 331 DCHECK(!callback.is_null()); 332 DCHECK_LE(buf_len, kMaxBufSize); 333 334 if (io_state_ == STATE_DONE) 335 return OK; 336 337 user_read_buf_ = buf; 338 user_read_buf_len_ = buf_len; 339 io_state_ = STATE_READ_BODY; 340 341 int result = DoLoop(OK); 342 if (result == ERR_IO_PENDING) 343 callback_ = callback; 344 345 return result; 346 } 347 348 void HttpStreamParser::OnIOComplete(int result) { 349 result = DoLoop(result); 350 351 // The client callback can do anything, including destroying this class, 352 // so any pending callback must be issued after everything else is done. 353 if (result != ERR_IO_PENDING && !callback_.is_null()) { 354 CompletionCallback c = callback_; 355 callback_.Reset(); 356 c.Run(result); 357 } 358 } 359 360 int HttpStreamParser::DoLoop(int result) { 361 bool can_do_more = true; 362 do { 363 switch (io_state_) { 364 case STATE_SENDING_HEADERS: 365 if (result < 0) 366 can_do_more = false; 367 else 368 result = DoSendHeaders(result); 369 break; 370 case STATE_SENDING_BODY: 371 if (result < 0) 372 can_do_more = false; 373 else 374 result = DoSendBody(result); 375 break; 376 case STATE_SEND_REQUEST_READING_BODY: 377 result = DoSendRequestReadingBody(result); 378 break; 379 case STATE_REQUEST_SENT: 380 DCHECK(result != ERR_IO_PENDING); 381 can_do_more = false; 382 break; 383 case STATE_READ_HEADERS: 384 net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS); 385 result = DoReadHeaders(); 386 break; 387 case STATE_READ_HEADERS_COMPLETE: 388 result = DoReadHeadersComplete(result); 389 net_log_.EndEventWithNetErrorCode( 390 NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS, result); 391 break; 392 case STATE_BODY_PENDING: 393 DCHECK(result != ERR_IO_PENDING); 394 can_do_more = false; 395 break; 396 case STATE_READ_BODY: 397 result = DoReadBody(); 398 // DoReadBodyComplete handles error conditions. 399 break; 400 case STATE_READ_BODY_COMPLETE: 401 result = DoReadBodyComplete(result); 402 break; 403 case STATE_DONE: 404 DCHECK(result != ERR_IO_PENDING); 405 can_do_more = false; 406 break; 407 default: 408 NOTREACHED(); 409 can_do_more = false; 410 break; 411 } 412 } while (result != ERR_IO_PENDING && can_do_more); 413 414 return result; 415 } 416 417 int HttpStreamParser::DoSendHeaders(int result) { 418 request_headers_->DidConsume(result); 419 int bytes_remaining = request_headers_->BytesRemaining(); 420 if (bytes_remaining > 0) { 421 // Record our best estimate of the 'request time' as the time when we send 422 // out the first bytes of the request headers. 423 if (bytes_remaining == request_headers_->size()) { 424 response_->request_time = base::Time::Now(); 425 } 426 result = connection_->socket() 427 ->Write(request_headers_.get(), bytes_remaining, io_callback_); 428 } else if (request_->upload_data_stream != NULL && 429 (request_->upload_data_stream->is_chunked() || 430 // !IsEOF() indicates that the body wasn't merged. 431 (request_->upload_data_stream->size() > 0 && 432 !request_->upload_data_stream->IsEOF()))) { 433 net_log_.AddEvent( 434 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY, 435 base::Bind(&NetLogSendRequestBodyCallback, 436 request_->upload_data_stream->size(), 437 request_->upload_data_stream->is_chunked(), 438 false /* not merged */)); 439 io_state_ = STATE_SENDING_BODY; 440 result = OK; 441 } else { 442 io_state_ = STATE_REQUEST_SENT; 443 } 444 return result; 445 } 446 447 int HttpStreamParser::DoSendBody(int result) { 448 // |result| is the number of bytes sent from the last call to 449 // DoSendBody(), or 0 (i.e. OK). 450 451 // Send the remaining data in the request body buffer. 452 request_body_send_buf_->DidConsume(result); 453 if (request_body_send_buf_->BytesRemaining() > 0) { 454 return connection_->socket() 455 ->Write(request_body_send_buf_.get(), 456 request_body_send_buf_->BytesRemaining(), 457 io_callback_); 458 } 459 460 if (request_->upload_data_stream->is_chunked() && sent_last_chunk_) { 461 io_state_ = STATE_REQUEST_SENT; 462 return OK; 463 } 464 465 request_body_read_buf_->Clear(); 466 io_state_ = STATE_SEND_REQUEST_READING_BODY; 467 return request_->upload_data_stream->Read(request_body_read_buf_.get(), 468 request_body_read_buf_->capacity(), 469 io_callback_); 470 } 471 472 int HttpStreamParser::DoSendRequestReadingBody(int result) { 473 // |result| is the result of read from the request body from the last call to 474 // DoSendBody(). 475 DCHECK_GE(result, 0); // There won't be errors. 476 477 // Chunked data needs to be encoded. 478 if (request_->upload_data_stream->is_chunked()) { 479 if (result == 0) { // Reached the end. 480 DCHECK(request_->upload_data_stream->IsEOF()); 481 sent_last_chunk_ = true; 482 } 483 // Encode the buffer as 1 chunk. 484 const base::StringPiece payload(request_body_read_buf_->data(), result); 485 request_body_send_buf_->Clear(); 486 result = EncodeChunk(payload, 487 request_body_send_buf_->data(), 488 request_body_send_buf_->capacity()); 489 } 490 491 if (result == 0) { // Reached the end. 492 // Reaching EOF means we can finish sending request body unless the data is 493 // chunked. (i.e. No need to send the terminal chunk.) 494 DCHECK(request_->upload_data_stream->IsEOF()); 495 DCHECK(!request_->upload_data_stream->is_chunked()); 496 io_state_ = STATE_REQUEST_SENT; 497 } else if (result > 0) { 498 request_body_send_buf_->DidAppend(result); 499 result = 0; 500 io_state_ = STATE_SENDING_BODY; 501 } 502 return result; 503 } 504 505 int HttpStreamParser::DoReadHeaders() { 506 io_state_ = STATE_READ_HEADERS_COMPLETE; 507 508 // Grow the read buffer if necessary. 509 if (read_buf_->RemainingCapacity() == 0) 510 read_buf_->SetCapacity(read_buf_->capacity() + kHeaderBufInitialSize); 511 512 // http://crbug.com/16371: We're seeing |user_buf_->data()| return NULL. 513 // See if the user is passing in an IOBuffer with a NULL |data_|. 514 CHECK(read_buf_->data()); 515 516 return connection_->socket() 517 ->Read(read_buf_.get(), read_buf_->RemainingCapacity(), io_callback_); 518 } 519 520 int HttpStreamParser::DoReadHeadersComplete(int result) { 521 DCHECK_EQ(0, read_buf_unused_offset_); 522 523 if (result == 0) 524 result = ERR_CONNECTION_CLOSED; 525 526 if (result < 0 && result != ERR_CONNECTION_CLOSED) { 527 io_state_ = STATE_DONE; 528 return result; 529 } 530 // If we've used the connection before, then we know it is not a HTTP/0.9 531 // response and return ERR_CONNECTION_CLOSED. 532 if (result == ERR_CONNECTION_CLOSED && read_buf_->offset() == 0 && 533 connection_->is_reused()) { 534 io_state_ = STATE_DONE; 535 return result; 536 } 537 538 // Record our best estimate of the 'response time' as the time when we read 539 // the first bytes of the response headers. 540 if (read_buf_->offset() == 0 && result != ERR_CONNECTION_CLOSED) 541 response_->response_time = base::Time::Now(); 542 543 if (result == ERR_CONNECTION_CLOSED) { 544 // The connection closed before we detected the end of the headers. 545 if (read_buf_->offset() == 0) { 546 // The connection was closed before any data was sent. Likely an error 547 // rather than empty HTTP/0.9 response. 548 io_state_ = STATE_DONE; 549 return ERR_EMPTY_RESPONSE; 550 } else if (request_->url.SchemeIsSecure()) { 551 // The connection was closed in the middle of the headers. For HTTPS we 552 // don't parse partial headers. Return a different error code so that we 553 // know that we shouldn't attempt to retry the request. 554 io_state_ = STATE_DONE; 555 return ERR_RESPONSE_HEADERS_TRUNCATED; 556 } 557 // Parse things as well as we can and let the caller decide what to do. 558 int end_offset; 559 if (response_header_start_offset_ >= 0) { 560 io_state_ = STATE_READ_BODY_COMPLETE; 561 end_offset = read_buf_->offset(); 562 } else { 563 io_state_ = STATE_BODY_PENDING; 564 end_offset = 0; 565 } 566 int rv = DoParseResponseHeaders(end_offset); 567 if (rv < 0) 568 return rv; 569 return result; 570 } 571 572 read_buf_->set_offset(read_buf_->offset() + result); 573 DCHECK_LE(read_buf_->offset(), read_buf_->capacity()); 574 DCHECK_GE(result, 0); 575 576 int end_of_header_offset = ParseResponseHeaders(); 577 578 // Note: -1 is special, it indicates we haven't found the end of headers. 579 // Anything less than -1 is a net::Error, so we bail out. 580 if (end_of_header_offset < -1) 581 return end_of_header_offset; 582 583 if (end_of_header_offset == -1) { 584 io_state_ = STATE_READ_HEADERS; 585 // Prevent growing the headers buffer indefinitely. 586 if (read_buf_->offset() >= kMaxHeaderBufSize) { 587 io_state_ = STATE_DONE; 588 return ERR_RESPONSE_HEADERS_TOO_BIG; 589 } 590 } else { 591 CalculateResponseBodySize(); 592 // If the body is zero length, the caller may not call ReadResponseBody, 593 // which is where any extra data is copied to read_buf_, so we move the 594 // data here. 595 if (response_body_length_ == 0) { 596 int extra_bytes = read_buf_->offset() - end_of_header_offset; 597 if (extra_bytes) { 598 CHECK_GT(extra_bytes, 0); 599 memmove(read_buf_->StartOfBuffer(), 600 read_buf_->StartOfBuffer() + end_of_header_offset, 601 extra_bytes); 602 } 603 read_buf_->SetCapacity(extra_bytes); 604 if (response_->headers->response_code() / 100 == 1) { 605 // After processing a 1xx response, the caller will ask for the next 606 // header, so reset state to support that. We don't completely ignore a 607 // 1xx response because it cannot be returned in reply to a CONNECT 608 // request so we return OK here, which lets the caller inspect the 609 // response and reject it in the event that we're setting up a CONNECT 610 // tunnel. 611 response_header_start_offset_ = -1; 612 response_body_length_ = -1; 613 io_state_ = STATE_REQUEST_SENT; 614 } else { 615 io_state_ = STATE_DONE; 616 } 617 return OK; 618 } 619 620 // Note where the headers stop. 621 read_buf_unused_offset_ = end_of_header_offset; 622 io_state_ = STATE_BODY_PENDING; 623 } 624 return result; 625 } 626 627 int HttpStreamParser::DoReadBody() { 628 io_state_ = STATE_READ_BODY_COMPLETE; 629 630 // There may be some data left over from reading the response headers. 631 if (read_buf_->offset()) { 632 int available = read_buf_->offset() - read_buf_unused_offset_; 633 if (available) { 634 CHECK_GT(available, 0); 635 int bytes_from_buffer = std::min(available, user_read_buf_len_); 636 memcpy(user_read_buf_->data(), 637 read_buf_->StartOfBuffer() + read_buf_unused_offset_, 638 bytes_from_buffer); 639 read_buf_unused_offset_ += bytes_from_buffer; 640 if (bytes_from_buffer == available) { 641 read_buf_->SetCapacity(0); 642 read_buf_unused_offset_ = 0; 643 } 644 return bytes_from_buffer; 645 } else { 646 read_buf_->SetCapacity(0); 647 read_buf_unused_offset_ = 0; 648 } 649 } 650 651 // Check to see if we're done reading. 652 if (IsResponseBodyComplete()) 653 return 0; 654 655 DCHECK_EQ(0, read_buf_->offset()); 656 return connection_->socket() 657 ->Read(user_read_buf_.get(), user_read_buf_len_, io_callback_); 658 } 659 660 int HttpStreamParser::DoReadBodyComplete(int result) { 661 // When the connection is closed, there are numerous ways to interpret it. 662 // 663 // - If a Content-Length header is present and the body contains exactly that 664 // number of bytes at connection close, the response is successful. 665 // 666 // - If a Content-Length header is present and the body contains fewer bytes 667 // than promised by the header at connection close, it may indicate that 668 // the connection was closed prematurely, or it may indicate that the 669 // server sent an invalid Content-Length header. Unfortunately, the invalid 670 // Content-Length header case does occur in practice and other browsers are 671 // tolerant of it. We choose to treat it as an error for now, but the 672 // download system treats it as a non-error, and URLRequestHttpJob also 673 // treats it as OK if the Content-Length is the post-decoded body content 674 // length. 675 // 676 // - If chunked encoding is used and the terminating chunk has been processed 677 // when the connection is closed, the response is successful. 678 // 679 // - If chunked encoding is used and the terminating chunk has not been 680 // processed when the connection is closed, it may indicate that the 681 // connection was closed prematurely or it may indicate that the server 682 // sent an invalid chunked encoding. We choose to treat it as 683 // an invalid chunked encoding. 684 // 685 // - If a Content-Length is not present and chunked encoding is not used, 686 // connection close is the only way to signal that the response is 687 // complete. Unfortunately, this also means that there is no way to detect 688 // early close of a connection. No error is returned. 689 if (result == 0 && !IsResponseBodyComplete() && CanFindEndOfResponse()) { 690 if (chunked_decoder_.get()) 691 result = ERR_INCOMPLETE_CHUNKED_ENCODING; 692 else 693 result = ERR_CONTENT_LENGTH_MISMATCH; 694 } 695 696 // Filter incoming data if appropriate. FilterBuf may return an error. 697 if (result > 0 && chunked_decoder_.get()) { 698 result = chunked_decoder_->FilterBuf(user_read_buf_->data(), result); 699 if (result == 0 && !chunked_decoder_->reached_eof()) { 700 // Don't signal completion of the Read call yet or else it'll look like 701 // we received end-of-file. Wait for more data. 702 io_state_ = STATE_READ_BODY; 703 return OK; 704 } 705 } 706 707 if (result > 0) 708 response_body_read_ += result; 709 710 if (result <= 0 || IsResponseBodyComplete()) { 711 io_state_ = STATE_DONE; 712 713 // Save the overflow data, which can be in two places. There may be 714 // some left over in |user_read_buf_|, plus there may be more 715 // in |read_buf_|. But the part left over in |user_read_buf_| must have 716 // come from the |read_buf_|, so there's room to put it back at the 717 // start first. 718 int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_; 719 int save_amount = 0; 720 if (chunked_decoder_.get()) { 721 save_amount = chunked_decoder_->bytes_after_eof(); 722 } else if (response_body_length_ >= 0) { 723 int64 extra_data_read = response_body_read_ - response_body_length_; 724 if (extra_data_read > 0) { 725 save_amount = static_cast<int>(extra_data_read); 726 if (result > 0) 727 result -= save_amount; 728 } 729 } 730 731 CHECK_LE(save_amount + additional_save_amount, kMaxBufSize); 732 if (read_buf_->capacity() < save_amount + additional_save_amount) { 733 read_buf_->SetCapacity(save_amount + additional_save_amount); 734 } 735 736 if (save_amount) { 737 memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result, 738 save_amount); 739 } 740 read_buf_->set_offset(save_amount); 741 if (additional_save_amount) { 742 memmove(read_buf_->data(), 743 read_buf_->StartOfBuffer() + read_buf_unused_offset_, 744 additional_save_amount); 745 read_buf_->set_offset(save_amount + additional_save_amount); 746 } 747 read_buf_unused_offset_ = 0; 748 } else { 749 io_state_ = STATE_BODY_PENDING; 750 user_read_buf_ = NULL; 751 user_read_buf_len_ = 0; 752 } 753 754 return result; 755 } 756 757 int HttpStreamParser::ParseResponseHeaders() { 758 int end_offset = -1; 759 DCHECK_EQ(0, read_buf_unused_offset_); 760 761 // Look for the start of the status line, if it hasn't been found yet. 762 if (response_header_start_offset_ < 0) { 763 response_header_start_offset_ = HttpUtil::LocateStartOfStatusLine( 764 read_buf_->StartOfBuffer(), read_buf_->offset()); 765 } 766 767 if (response_header_start_offset_ >= 0) { 768 end_offset = HttpUtil::LocateEndOfHeaders(read_buf_->StartOfBuffer(), 769 read_buf_->offset(), 770 response_header_start_offset_); 771 } else if (read_buf_->offset() >= 8) { 772 // Enough data to decide that this is an HTTP/0.9 response. 773 // 8 bytes = (4 bytes of junk) + "http".length() 774 end_offset = 0; 775 } 776 777 if (end_offset == -1) 778 return -1; 779 780 int rv = DoParseResponseHeaders(end_offset); 781 if (rv < 0) 782 return rv; 783 return end_offset; 784 } 785 786 int HttpStreamParser::DoParseResponseHeaders(int end_offset) { 787 scoped_refptr<HttpResponseHeaders> headers; 788 DCHECK_EQ(0, read_buf_unused_offset_); 789 790 if (response_header_start_offset_ >= 0) { 791 headers = new HttpResponseHeaders(HttpUtil::AssembleRawHeaders( 792 read_buf_->StartOfBuffer(), end_offset)); 793 } else { 794 // Enough data was read -- there is no status line. 795 headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK")); 796 } 797 798 // Check for multiple Content-Length headers with no Transfer-Encoding header. 799 // If they exist, and have distinct values, it's a potential response 800 // smuggling attack. 801 if (!headers->HasHeader("Transfer-Encoding")) { 802 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Content-Length")) 803 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH; 804 } 805 806 // Check for multiple Content-Disposition or Location headers. If they exist, 807 // it's also a potential response smuggling attack. 808 if (HeadersContainMultipleCopiesOfField(*headers.get(), 809 "Content-Disposition")) 810 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION; 811 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Location")) 812 return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION; 813 814 response_->headers = headers; 815 response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1; 816 response_->vary_data.Init(*request_, *response_->headers.get()); 817 DVLOG(1) << __FUNCTION__ << "()" 818 << " content_length = \"" << response_->headers->GetContentLength() 819 << "\n\"" 820 << " headers = \"" 821 << GetResponseHeaderLines(*response_->headers.get()) << "\""; 822 return OK; 823 } 824 825 void HttpStreamParser::CalculateResponseBodySize() { 826 // Figure how to determine EOF: 827 828 // For certain responses, we know the content length is always 0. From 829 // RFC 2616 Section 4.3 Message Body: 830 // 831 // For response messages, whether or not a message-body is included with 832 // a message is dependent on both the request method and the response 833 // status code (section 6.1.1). All responses to the HEAD request method 834 // MUST NOT include a message-body, even though the presence of entity- 835 // header fields might lead one to believe they do. All 1xx 836 // (informational), 204 (no content), and 304 (not modified) responses 837 // MUST NOT include a message-body. All other responses do include a 838 // message-body, although it MAY be of zero length. 839 if (response_->headers->response_code() / 100 == 1) { 840 response_body_length_ = 0; 841 } else { 842 switch (response_->headers->response_code()) { 843 case 204: // No Content 844 case 205: // Reset Content 845 case 304: // Not Modified 846 response_body_length_ = 0; 847 break; 848 } 849 } 850 if (request_->method == "HEAD") 851 response_body_length_ = 0; 852 853 if (response_body_length_ == -1) { 854 // "Transfer-Encoding: chunked" trumps "Content-Length: N" 855 if (response_->headers->IsChunkEncoded()) { 856 chunked_decoder_.reset(new HttpChunkedDecoder()); 857 } else { 858 response_body_length_ = response_->headers->GetContentLength(); 859 // If response_body_length_ is still -1, then we have to wait 860 // for the server to close the connection. 861 } 862 } 863 } 864 865 UploadProgress HttpStreamParser::GetUploadProgress() const { 866 if (!request_->upload_data_stream) 867 return UploadProgress(); 868 869 return UploadProgress(request_->upload_data_stream->position(), 870 request_->upload_data_stream->size()); 871 } 872 873 HttpResponseInfo* HttpStreamParser::GetResponseInfo() { 874 return response_; 875 } 876 877 bool HttpStreamParser::IsResponseBodyComplete() const { 878 if (chunked_decoder_.get()) 879 return chunked_decoder_->reached_eof(); 880 if (response_body_length_ != -1) 881 return response_body_read_ >= response_body_length_; 882 883 return false; // Must read to EOF. 884 } 885 886 bool HttpStreamParser::CanFindEndOfResponse() const { 887 return chunked_decoder_.get() || response_body_length_ >= 0; 888 } 889 890 bool HttpStreamParser::IsMoreDataBuffered() const { 891 return read_buf_->offset() > read_buf_unused_offset_; 892 } 893 894 bool HttpStreamParser::IsConnectionReused() const { 895 ClientSocketHandle::SocketReuseType reuse_type = connection_->reuse_type(); 896 return connection_->is_reused() || 897 reuse_type == ClientSocketHandle::UNUSED_IDLE; 898 } 899 900 void HttpStreamParser::SetConnectionReused() { 901 connection_->set_is_reused(true); 902 } 903 904 bool HttpStreamParser::IsConnectionReusable() const { 905 return connection_->socket() && connection_->socket()->IsConnectedAndIdle(); 906 } 907 908 void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) { 909 if (request_->url.SchemeIsSecure() && connection_->socket()) { 910 SSLClientSocket* ssl_socket = 911 static_cast<SSLClientSocket*>(connection_->socket()); 912 ssl_socket->GetSSLInfo(ssl_info); 913 } 914 } 915 916 void HttpStreamParser::GetSSLCertRequestInfo( 917 SSLCertRequestInfo* cert_request_info) { 918 if (request_->url.SchemeIsSecure() && connection_->socket()) { 919 SSLClientSocket* ssl_socket = 920 static_cast<SSLClientSocket*>(connection_->socket()); 921 ssl_socket->GetSSLCertRequestInfo(cert_request_info); 922 } 923 } 924 925 int HttpStreamParser::EncodeChunk(const base::StringPiece& payload, 926 char* output, 927 size_t output_size) { 928 if (output_size < payload.size() + kChunkHeaderFooterSize) 929 return ERR_INVALID_ARGUMENT; 930 931 char* cursor = output; 932 // Add the header. 933 const int num_chars = base::snprintf(output, output_size, 934 "%X\r\n", 935 static_cast<int>(payload.size())); 936 cursor += num_chars; 937 // Add the payload if any. 938 if (payload.size() > 0) { 939 memcpy(cursor, payload.data(), payload.size()); 940 cursor += payload.size(); 941 } 942 // Add the trailing CRLF. 943 memcpy(cursor, "\r\n", 2); 944 cursor += 2; 945 946 return cursor - output; 947 } 948 949 // static 950 bool HttpStreamParser::ShouldMergeRequestHeadersAndBody( 951 const std::string& request_headers, 952 const UploadDataStream* request_body) { 953 if (request_body != NULL && 954 // IsInMemory() ensures that the request body is not chunked. 955 request_body->IsInMemory() && 956 request_body->size() > 0) { 957 size_t merged_size = request_headers.size() + request_body->size(); 958 if (merged_size <= kMaxMergedHeaderAndBodySize) 959 return true; 960 } 961 return false; 962 } 963 964 } // namespace net 965
