1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/http/http_stream_parser.h" 6 7#include "base/bind.h" 8#include "base/compiler_specific.h" 9#include "base/logging.h" 10#include "base/strings/string_util.h" 11#include "base/values.h" 12#include "net/base/io_buffer.h" 13#include "net/base/ip_endpoint.h" 14#include "net/base/upload_data_stream.h" 15#include "net/http/http_chunked_decoder.h" 16#include "net/http/http_request_headers.h" 17#include "net/http/http_request_info.h" 18#include "net/http/http_response_headers.h" 19#include "net/http/http_util.h" 20#include "net/socket/client_socket_handle.h" 21#include "net/socket/ssl_client_socket.h" 22 23namespace net { 24 25namespace { 26 27const size_t kMaxMergedHeaderAndBodySize = 1400; 28const size_t kRequestBodyBufferSize = 1 << 14; // 16KB 29 30std::string GetResponseHeaderLines(const HttpResponseHeaders& headers) { 31 std::string raw_headers = headers.raw_headers(); 32 const char* null_separated_headers = raw_headers.c_str(); 33 const char* header_line = null_separated_headers; 34 std::string cr_separated_headers; 35 while (header_line[0] != 0) { 36 cr_separated_headers += header_line; 37 cr_separated_headers += "\n"; 38 header_line += strlen(header_line) + 1; 39 } 40 return cr_separated_headers; 41} 42 43// Return true if |headers| contain multiple |field_name| fields with different 44// values. 45bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers, 46 const std::string& field_name) { 47 void* it = NULL; 48 std::string field_value; 49 if (!headers.EnumerateHeader(&it, field_name, &field_value)) 50 return false; 51 // There's at least one |field_name| header. Check if there are any more 52 // such headers, and if so, return true if they have different values. 53 std::string field_value2; 54 while (headers.EnumerateHeader(&it, field_name, &field_value2)) { 55 if (field_value != field_value2) 56 return true; 57 } 58 return false; 59} 60 61base::Value* NetLogSendRequestBodyCallback(int length, 62 bool is_chunked, 63 bool did_merge, 64 NetLog::LogLevel /* log_level */) { 65 base::DictionaryValue* dict = new base::DictionaryValue(); 66 dict->SetInteger("length", length); 67 dict->SetBoolean("is_chunked", is_chunked); 68 dict->SetBoolean("did_merge", did_merge); 69 return dict; 70} 71 72// Returns true if |error_code| is an error for which we give the server a 73// chance to send a body containing error information, if the error was received 74// while trying to upload a request body. 75bool ShouldTryReadingOnUploadError(int error_code) { 76 return (error_code == ERR_CONNECTION_RESET); 77} 78 79} // namespace 80 81// Similar to DrainableIOBuffer(), but this version comes with its own 82// storage. The motivation is to avoid repeated allocations of 83// DrainableIOBuffer. 84// 85// Example: 86// 87// scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024); 88// // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0. 89// // data() points to the beginning of the buffer. 90// 91// // Read() takes an IOBuffer. 92// int bytes_read = some_reader->Read(buf, buf->capacity()); 93// buf->DidAppend(bytes_read); 94// // size() == BytesRemaining() == bytes_read. data() is unaffected. 95// 96// while (buf->BytesRemaining() > 0) { 97// // Write() takes an IOBuffer. If it takes const char*, we could 98/// // simply use the regular IOBuffer like buf->data() + offset. 99// int bytes_written = Write(buf, buf->BytesRemaining()); 100// buf->DidConsume(bytes_written); 101// } 102// // BytesRemaining() == 0. BytesConsumed() == size(). 103// // data() points to the end of the consumed bytes (exclusive). 104// 105// // If you want to reuse the buffer, be sure to clear the buffer. 106// buf->Clear(); 107// // size() == BytesRemaining() == BytesConsumed() == 0. 108// // data() points to the beginning of the buffer. 109// 110class HttpStreamParser::SeekableIOBuffer : public IOBuffer { 111 public: 112 explicit SeekableIOBuffer(int capacity) 113 : IOBuffer(capacity), 114 real_data_(data_), 115 capacity_(capacity), 116 size_(0), 117 used_(0) { 118 } 119 120 // DidConsume() changes the |data_| pointer so that |data_| always points 121 // to the first unconsumed byte. 122 void DidConsume(int bytes) { 123 SetOffset(used_ + bytes); 124 } 125 126 // Returns the number of unconsumed bytes. 127 int BytesRemaining() const { 128 return size_ - used_; 129 } 130 131 // Seeks to an arbitrary point in the buffer. The notion of bytes consumed 132 // and remaining are updated appropriately. 133 void SetOffset(int bytes) { 134 DCHECK_GE(bytes, 0); 135 DCHECK_LE(bytes, size_); 136 used_ = bytes; 137 data_ = real_data_ + used_; 138 } 139 140 // Called after data is added to the buffer. Adds |bytes| added to 141 // |size_|. data() is unaffected. 142 void DidAppend(int bytes) { 143 DCHECK_GE(bytes, 0); 144 DCHECK_GE(size_ + bytes, 0); 145 DCHECK_LE(size_ + bytes, capacity_); 146 size_ += bytes; 147 } 148 149 // Changes the logical size to 0, and the offset to 0. 150 void Clear() { 151 size_ = 0; 152 SetOffset(0); 153 } 154 155 // Returns the logical size of the buffer (i.e the number of bytes of data 156 // in the buffer). 157 int size() const { return size_; } 158 159 // Returns the capacity of the buffer. The capacity is the size used when 160 // the object is created. 161 int capacity() const { return capacity_; }; 162 163 private: 164 virtual ~SeekableIOBuffer() { 165 // data_ will be deleted in IOBuffer::~IOBuffer(). 166 data_ = real_data_; 167 } 168 169 char* real_data_; 170 const int capacity_; 171 int size_; 172 int used_; 173}; 174 175// 2 CRLFs + max of 8 hex chars. 176const size_t HttpStreamParser::kChunkHeaderFooterSize = 12; 177 178HttpStreamParser::HttpStreamParser(ClientSocketHandle* connection, 179 const HttpRequestInfo* request, 180 GrowableIOBuffer* read_buffer, 181 const BoundNetLog& net_log) 182 : io_state_(STATE_NONE), 183 request_(request), 184 request_headers_(NULL), 185 request_headers_length_(0), 186 read_buf_(read_buffer), 187 read_buf_unused_offset_(0), 188 response_header_start_offset_(-1), 189 received_bytes_(0), 190 response_body_length_(-1), 191 response_body_read_(0), 192 user_read_buf_(NULL), 193 user_read_buf_len_(0), 194 connection_(connection), 195 net_log_(net_log), 196 sent_last_chunk_(false), 197 upload_error_(OK), 198 weak_ptr_factory_(this) { 199 io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete, 200 weak_ptr_factory_.GetWeakPtr()); 201} 202 203HttpStreamParser::~HttpStreamParser() { 204} 205 206int HttpStreamParser::SendRequest(const std::string& request_line, 207 const HttpRequestHeaders& headers, 208 HttpResponseInfo* response, 209 const CompletionCallback& callback) { 210 DCHECK_EQ(STATE_NONE, io_state_); 211 DCHECK(callback_.is_null()); 212 DCHECK(!callback.is_null()); 213 DCHECK(response); 214 215 net_log_.AddEvent( 216 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS, 217 base::Bind(&HttpRequestHeaders::NetLogCallback, 218 base::Unretained(&headers), 219 &request_line)); 220 221 DVLOG(1) << __FUNCTION__ << "()" 222 << " request_line = \"" << request_line << "\"" 223 << " headers = \"" << headers.ToString() << "\""; 224 response_ = response; 225 226 // Put the peer's IP address and port into the response. 227 IPEndPoint ip_endpoint; 228 int result = connection_->socket()->GetPeerAddress(&ip_endpoint); 229 if (result != OK) 230 return result; 231 response_->socket_address = HostPortPair::FromIPEndPoint(ip_endpoint); 232 233 std::string request = request_line + headers.ToString(); 234 request_headers_length_ = request.size(); 235 236 if (request_->upload_data_stream != NULL) { 237 request_body_send_buf_ = new SeekableIOBuffer(kRequestBodyBufferSize); 238 if (request_->upload_data_stream->is_chunked()) { 239 // Read buffer is adjusted to guarantee that |request_body_send_buf_| is 240 // large enough to hold the encoded chunk. 241 request_body_read_buf_ = 242 new SeekableIOBuffer(kRequestBodyBufferSize - kChunkHeaderFooterSize); 243 } else { 244 // No need to encode request body, just send the raw data. 245 request_body_read_buf_ = request_body_send_buf_; 246 } 247 } 248 249 io_state_ = STATE_SEND_HEADERS; 250 251 // If we have a small request body, then we'll merge with the headers into a 252 // single write. 253 bool did_merge = false; 254 if (ShouldMergeRequestHeadersAndBody(request, request_->upload_data_stream)) { 255 size_t merged_size = 256 request_headers_length_ + request_->upload_data_stream->size(); 257 scoped_refptr<IOBuffer> merged_request_headers_and_body( 258 new IOBuffer(merged_size)); 259 // We'll repurpose |request_headers_| to store the merged headers and 260 // body. 261 request_headers_ = new DrainableIOBuffer( 262 merged_request_headers_and_body.get(), merged_size); 263 264 memcpy(request_headers_->data(), request.data(), request_headers_length_); 265 request_headers_->DidConsume(request_headers_length_); 266 267 size_t todo = request_->upload_data_stream->size(); 268 while (todo) { 269 int consumed = request_->upload_data_stream 270 ->Read(request_headers_.get(), todo, CompletionCallback()); 271 DCHECK_GT(consumed, 0); // Read() won't fail if not chunked. 272 request_headers_->DidConsume(consumed); 273 todo -= consumed; 274 } 275 DCHECK(request_->upload_data_stream->IsEOF()); 276 // Reset the offset, so the buffer can be read from the beginning. 277 request_headers_->SetOffset(0); 278 did_merge = true; 279 280 net_log_.AddEvent( 281 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY, 282 base::Bind(&NetLogSendRequestBodyCallback, 283 request_->upload_data_stream->size(), 284 false, /* not chunked */ 285 true /* merged */)); 286 } 287 288 if (!did_merge) { 289 // If we didn't merge the body with the headers, then |request_headers_| 290 // contains just the HTTP headers. 291 scoped_refptr<StringIOBuffer> headers_io_buf(new StringIOBuffer(request)); 292 request_headers_ = 293 new DrainableIOBuffer(headers_io_buf.get(), headers_io_buf->size()); 294 } 295 296 result = DoLoop(OK); 297 if (result == ERR_IO_PENDING) 298 callback_ = callback; 299 300 return result > 0 ? OK : result; 301} 302 303int HttpStreamParser::ReadResponseHeaders(const CompletionCallback& callback) { 304 DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE); 305 DCHECK(callback_.is_null()); 306 DCHECK(!callback.is_null()); 307 DCHECK_EQ(0, read_buf_unused_offset_); 308 309 // This function can be called with io_state_ == STATE_DONE if the 310 // connection is closed after seeing just a 1xx response code. 311 if (io_state_ == STATE_DONE) 312 return ERR_CONNECTION_CLOSED; 313 314 int result = OK; 315 io_state_ = STATE_READ_HEADERS; 316 317 if (read_buf_->offset() > 0) { 318 // Simulate the state where the data was just read from the socket. 319 result = read_buf_->offset(); 320 read_buf_->set_offset(0); 321 } 322 if (result > 0) 323 io_state_ = STATE_READ_HEADERS_COMPLETE; 324 325 result = DoLoop(result); 326 if (result == ERR_IO_PENDING) 327 callback_ = callback; 328 329 return result > 0 ? OK : result; 330} 331 332void HttpStreamParser::Close(bool not_reusable) { 333 if (not_reusable && connection_->socket()) 334 connection_->socket()->Disconnect(); 335 connection_->Reset(); 336} 337 338int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len, 339 const CompletionCallback& callback) { 340 DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE); 341 DCHECK(callback_.is_null()); 342 DCHECK(!callback.is_null()); 343 DCHECK_LE(buf_len, kMaxBufSize); 344 345 if (io_state_ == STATE_DONE) 346 return OK; 347 348 user_read_buf_ = buf; 349 user_read_buf_len_ = buf_len; 350 io_state_ = STATE_READ_BODY; 351 352 int result = DoLoop(OK); 353 if (result == ERR_IO_PENDING) 354 callback_ = callback; 355 356 return result; 357} 358 359void HttpStreamParser::OnIOComplete(int result) { 360 result = DoLoop(result); 361 362 // The client callback can do anything, including destroying this class, 363 // so any pending callback must be issued after everything else is done. 364 if (result != ERR_IO_PENDING && !callback_.is_null()) { 365 CompletionCallback c = callback_; 366 callback_.Reset(); 367 c.Run(result); 368 } 369} 370 371int HttpStreamParser::DoLoop(int result) { 372 do { 373 DCHECK_NE(ERR_IO_PENDING, result); 374 DCHECK_NE(STATE_DONE, io_state_); 375 DCHECK_NE(STATE_NONE, io_state_); 376 State state = io_state_; 377 io_state_ = STATE_NONE; 378 switch (state) { 379 case STATE_SEND_HEADERS: 380 DCHECK_EQ(OK, result); 381 result = DoSendHeaders(); 382 break; 383 case STATE_SEND_HEADERS_COMPLETE: 384 result = DoSendHeadersComplete(result); 385 break; 386 case STATE_SEND_BODY: 387 DCHECK_EQ(OK, result); 388 result = DoSendBody(); 389 break; 390 case STATE_SEND_BODY_COMPLETE: 391 result = DoSendBodyComplete(result); 392 break; 393 case STATE_SEND_REQUEST_READ_BODY_COMPLETE: 394 result = DoSendRequestReadBodyComplete(result); 395 break; 396 case STATE_READ_HEADERS: 397 net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS); 398 DCHECK_GE(result, 0); 399 result = DoReadHeaders(); 400 break; 401 case STATE_READ_HEADERS_COMPLETE: 402 result = DoReadHeadersComplete(result); 403 net_log_.EndEventWithNetErrorCode( 404 NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS, result); 405 break; 406 case STATE_READ_BODY: 407 DCHECK_GE(result, 0); 408 result = DoReadBody(); 409 break; 410 case STATE_READ_BODY_COMPLETE: 411 result = DoReadBodyComplete(result); 412 break; 413 default: 414 NOTREACHED(); 415 break; 416 } 417 } while (result != ERR_IO_PENDING && 418 (io_state_ != STATE_DONE && io_state_ != STATE_NONE)); 419 420 return result; 421} 422 423int HttpStreamParser::DoSendHeaders() { 424 int bytes_remaining = request_headers_->BytesRemaining(); 425 DCHECK_GT(bytes_remaining, 0); 426 427 // Record our best estimate of the 'request time' as the time when we send 428 // out the first bytes of the request headers. 429 if (bytes_remaining == request_headers_->size()) 430 response_->request_time = base::Time::Now(); 431 432 io_state_ = STATE_SEND_HEADERS_COMPLETE; 433 return connection_->socket() 434 ->Write(request_headers_.get(), bytes_remaining, io_callback_); 435} 436 437int HttpStreamParser::DoSendHeadersComplete(int result) { 438 if (result < 0) { 439 // In the unlikely case that the headers and body were merged, all the 440 // the headers were sent, but not all of the body way, and |result| is 441 // an error that this should try reading after, stash the error for now and 442 // act like the request was successfully sent. 443 if (request_headers_->BytesConsumed() >= request_headers_length_ && 444 ShouldTryReadingOnUploadError(result)) { 445 upload_error_ = result; 446 return OK; 447 } 448 return result; 449 } 450 451 request_headers_->DidConsume(result); 452 if (request_headers_->BytesRemaining() > 0) { 453 io_state_ = STATE_SEND_HEADERS; 454 return OK; 455 } 456 457 if (request_->upload_data_stream != NULL && 458 (request_->upload_data_stream->is_chunked() || 459 // !IsEOF() indicates that the body wasn't merged. 460 (request_->upload_data_stream->size() > 0 && 461 !request_->upload_data_stream->IsEOF()))) { 462 net_log_.AddEvent( 463 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY, 464 base::Bind(&NetLogSendRequestBodyCallback, 465 request_->upload_data_stream->size(), 466 request_->upload_data_stream->is_chunked(), 467 false /* not merged */)); 468 io_state_ = STATE_SEND_BODY; 469 return OK; 470 } 471 472 // Finished sending the request. 473 return OK; 474} 475 476int HttpStreamParser::DoSendBody() { 477 if (request_body_send_buf_->BytesRemaining() > 0) { 478 io_state_ = STATE_SEND_BODY_COMPLETE; 479 return connection_->socket() 480 ->Write(request_body_send_buf_.get(), 481 request_body_send_buf_->BytesRemaining(), 482 io_callback_); 483 } 484 485 if (request_->upload_data_stream->is_chunked() && sent_last_chunk_) { 486 // Finished sending the request. 487 return OK; 488 } 489 490 request_body_read_buf_->Clear(); 491 io_state_ = STATE_SEND_REQUEST_READ_BODY_COMPLETE; 492 return request_->upload_data_stream->Read(request_body_read_buf_.get(), 493 request_body_read_buf_->capacity(), 494 io_callback_); 495} 496 497int HttpStreamParser::DoSendBodyComplete(int result) { 498 if (result < 0) { 499 // If |result| is an error that this should try reading after, stash the 500 // error for now and act like the request was successfully sent. 501 if (ShouldTryReadingOnUploadError(result)) { 502 upload_error_ = result; 503 return OK; 504 } 505 return result; 506 } 507 508 request_body_send_buf_->DidConsume(result); 509 510 io_state_ = STATE_SEND_BODY; 511 return OK; 512} 513 514int HttpStreamParser::DoSendRequestReadBodyComplete(int result) { 515 // |result| is the result of read from the request body from the last call to 516 // DoSendBody(). 517 DCHECK_GE(result, 0); // There won't be errors. 518 519 // Chunked data needs to be encoded. 520 if (request_->upload_data_stream->is_chunked()) { 521 if (result == 0) { // Reached the end. 522 DCHECK(request_->upload_data_stream->IsEOF()); 523 sent_last_chunk_ = true; 524 } 525 // Encode the buffer as 1 chunk. 526 const base::StringPiece payload(request_body_read_buf_->data(), result); 527 request_body_send_buf_->Clear(); 528 result = EncodeChunk(payload, 529 request_body_send_buf_->data(), 530 request_body_send_buf_->capacity()); 531 } 532 533 if (result == 0) { // Reached the end. 534 // Reaching EOF means we can finish sending request body unless the data is 535 // chunked. (i.e. No need to send the terminal chunk.) 536 DCHECK(request_->upload_data_stream->IsEOF()); 537 DCHECK(!request_->upload_data_stream->is_chunked()); 538 // Finished sending the request. 539 } else if (result > 0) { 540 request_body_send_buf_->DidAppend(result); 541 result = 0; 542 io_state_ = STATE_SEND_BODY; 543 } 544 return result; 545} 546 547int HttpStreamParser::DoReadHeaders() { 548 io_state_ = STATE_READ_HEADERS_COMPLETE; 549 550 // Grow the read buffer if necessary. 551 if (read_buf_->RemainingCapacity() == 0) 552 read_buf_->SetCapacity(read_buf_->capacity() + kHeaderBufInitialSize); 553 554 // http://crbug.com/16371: We're seeing |user_buf_->data()| return NULL. 555 // See if the user is passing in an IOBuffer with a NULL |data_|. 556 CHECK(read_buf_->data()); 557 558 return connection_->socket() 559 ->Read(read_buf_.get(), read_buf_->RemainingCapacity(), io_callback_); 560} 561 562int HttpStreamParser::DoReadHeadersComplete(int result) { 563 result = HandleReadHeaderResult(result); 564 565 // TODO(mmenke): The code below is ugly and hacky. A much better and more 566 // flexible long term solution would be to separate out the read and write 567 // loops, though this would involve significant changes, both here and 568 // elsewhere (WebSockets, for instance). 569 570 // If still reading the headers, or there was no error uploading the request 571 // body, just return the result. 572 if (io_state_ == STATE_READ_HEADERS || upload_error_ == OK) 573 return result; 574 575 // If the result is ERR_IO_PENDING, |io_state_| should be STATE_READ_HEADERS. 576 DCHECK_NE(ERR_IO_PENDING, result); 577 578 // On errors, use the original error received when sending the request. 579 // The main cases where these are different is when there's a header-related 580 // error code, or when there's an ERR_CONNECTION_CLOSED, which can result in 581 // special handling of partial responses and HTTP/0.9 responses. 582 if (result < 0) { 583 // Nothing else to do. In the HTTP/0.9 or only partial headers received 584 // cases, can normally go to other states after an error reading headers. 585 io_state_ = STATE_DONE; 586 // Don't let caller see the headers. 587 response_->headers = NULL; 588 return upload_error_; 589 } 590 591 // Skip over 1xx responses as usual, and allow 4xx/5xx error responses to 592 // override the error received while uploading the body. 593 int response_code_class = response_->headers->response_code() / 100; 594 if (response_code_class == 1 || response_code_class == 4 || 595 response_code_class == 5) { 596 return result; 597 } 598 599 // All other status codes are not allowed after an error during upload, to 600 // make sure the consumer has some indication there was an error. 601 602 // Nothing else to do. 603 io_state_ = STATE_DONE; 604 // Don't let caller see the headers. 605 response_->headers = NULL; 606 return upload_error_; 607} 608 609int HttpStreamParser::DoReadBody() { 610 io_state_ = STATE_READ_BODY_COMPLETE; 611 612 // There may be some data left over from reading the response headers. 613 if (read_buf_->offset()) { 614 int available = read_buf_->offset() - read_buf_unused_offset_; 615 if (available) { 616 CHECK_GT(available, 0); 617 int bytes_from_buffer = std::min(available, user_read_buf_len_); 618 memcpy(user_read_buf_->data(), 619 read_buf_->StartOfBuffer() + read_buf_unused_offset_, 620 bytes_from_buffer); 621 read_buf_unused_offset_ += bytes_from_buffer; 622 if (bytes_from_buffer == available) { 623 read_buf_->SetCapacity(0); 624 read_buf_unused_offset_ = 0; 625 } 626 return bytes_from_buffer; 627 } else { 628 read_buf_->SetCapacity(0); 629 read_buf_unused_offset_ = 0; 630 } 631 } 632 633 // Check to see if we're done reading. 634 if (IsResponseBodyComplete()) 635 return 0; 636 637 DCHECK_EQ(0, read_buf_->offset()); 638 return connection_->socket() 639 ->Read(user_read_buf_.get(), user_read_buf_len_, io_callback_); 640} 641 642int HttpStreamParser::DoReadBodyComplete(int result) { 643 // When the connection is closed, there are numerous ways to interpret it. 644 // 645 // - If a Content-Length header is present and the body contains exactly that 646 // number of bytes at connection close, the response is successful. 647 // 648 // - If a Content-Length header is present and the body contains fewer bytes 649 // than promised by the header at connection close, it may indicate that 650 // the connection was closed prematurely, or it may indicate that the 651 // server sent an invalid Content-Length header. Unfortunately, the invalid 652 // Content-Length header case does occur in practice and other browsers are 653 // tolerant of it. We choose to treat it as an error for now, but the 654 // download system treats it as a non-error, and URLRequestHttpJob also 655 // treats it as OK if the Content-Length is the post-decoded body content 656 // length. 657 // 658 // - If chunked encoding is used and the terminating chunk has been processed 659 // when the connection is closed, the response is successful. 660 // 661 // - If chunked encoding is used and the terminating chunk has not been 662 // processed when the connection is closed, it may indicate that the 663 // connection was closed prematurely or it may indicate that the server 664 // sent an invalid chunked encoding. We choose to treat it as 665 // an invalid chunked encoding. 666 // 667 // - If a Content-Length is not present and chunked encoding is not used, 668 // connection close is the only way to signal that the response is 669 // complete. Unfortunately, this also means that there is no way to detect 670 // early close of a connection. No error is returned. 671 if (result == 0 && !IsResponseBodyComplete() && CanFindEndOfResponse()) { 672 if (chunked_decoder_.get()) 673 result = ERR_INCOMPLETE_CHUNKED_ENCODING; 674 else 675 result = ERR_CONTENT_LENGTH_MISMATCH; 676 } 677 678 if (result > 0) 679 received_bytes_ += result; 680 681 // Filter incoming data if appropriate. FilterBuf may return an error. 682 if (result > 0 && chunked_decoder_.get()) { 683 result = chunked_decoder_->FilterBuf(user_read_buf_->data(), result); 684 if (result == 0 && !chunked_decoder_->reached_eof()) { 685 // Don't signal completion of the Read call yet or else it'll look like 686 // we received end-of-file. Wait for more data. 687 io_state_ = STATE_READ_BODY; 688 return OK; 689 } 690 } 691 692 if (result > 0) 693 response_body_read_ += result; 694 695 if (result <= 0 || IsResponseBodyComplete()) { 696 io_state_ = STATE_DONE; 697 698 // Save the overflow data, which can be in two places. There may be 699 // some left over in |user_read_buf_|, plus there may be more 700 // in |read_buf_|. But the part left over in |user_read_buf_| must have 701 // come from the |read_buf_|, so there's room to put it back at the 702 // start first. 703 int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_; 704 int save_amount = 0; 705 if (chunked_decoder_.get()) { 706 save_amount = chunked_decoder_->bytes_after_eof(); 707 } else if (response_body_length_ >= 0) { 708 int64 extra_data_read = response_body_read_ - response_body_length_; 709 if (extra_data_read > 0) { 710 save_amount = static_cast<int>(extra_data_read); 711 if (result > 0) 712 result -= save_amount; 713 } 714 } 715 716 CHECK_LE(save_amount + additional_save_amount, kMaxBufSize); 717 if (read_buf_->capacity() < save_amount + additional_save_amount) { 718 read_buf_->SetCapacity(save_amount + additional_save_amount); 719 } 720 721 if (save_amount) { 722 received_bytes_ -= save_amount; 723 memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result, 724 save_amount); 725 } 726 read_buf_->set_offset(save_amount); 727 if (additional_save_amount) { 728 memmove(read_buf_->data(), 729 read_buf_->StartOfBuffer() + read_buf_unused_offset_, 730 additional_save_amount); 731 read_buf_->set_offset(save_amount + additional_save_amount); 732 } 733 read_buf_unused_offset_ = 0; 734 } else { 735 // Now waiting for more of the body to be read. 736 user_read_buf_ = NULL; 737 user_read_buf_len_ = 0; 738 } 739 740 return result; 741} 742 743int HttpStreamParser::HandleReadHeaderResult(int result) { 744 DCHECK_EQ(0, read_buf_unused_offset_); 745 746 if (result == 0) 747 result = ERR_CONNECTION_CLOSED; 748 749 if (result < 0 && result != ERR_CONNECTION_CLOSED) { 750 io_state_ = STATE_DONE; 751 return result; 752 } 753 // If we've used the connection before, then we know it is not a HTTP/0.9 754 // response and return ERR_CONNECTION_CLOSED. 755 if (result == ERR_CONNECTION_CLOSED && read_buf_->offset() == 0 && 756 connection_->is_reused()) { 757 io_state_ = STATE_DONE; 758 return result; 759 } 760 761 // Record our best estimate of the 'response time' as the time when we read 762 // the first bytes of the response headers. 763 if (read_buf_->offset() == 0 && result != ERR_CONNECTION_CLOSED) 764 response_->response_time = base::Time::Now(); 765 766 if (result == ERR_CONNECTION_CLOSED) { 767 // The connection closed before we detected the end of the headers. 768 if (read_buf_->offset() == 0) { 769 // The connection was closed before any data was sent. Likely an error 770 // rather than empty HTTP/0.9 response. 771 io_state_ = STATE_DONE; 772 return ERR_EMPTY_RESPONSE; 773 } else if (request_->url.SchemeIsSecure()) { 774 // The connection was closed in the middle of the headers. For HTTPS we 775 // don't parse partial headers. Return a different error code so that we 776 // know that we shouldn't attempt to retry the request. 777 io_state_ = STATE_DONE; 778 return ERR_RESPONSE_HEADERS_TRUNCATED; 779 } 780 // Parse things as well as we can and let the caller decide what to do. 781 int end_offset; 782 if (response_header_start_offset_ >= 0) { 783 io_state_ = STATE_READ_BODY_COMPLETE; 784 end_offset = read_buf_->offset(); 785 } else { 786 // Now waiting for the body to be read. 787 end_offset = 0; 788 } 789 int rv = DoParseResponseHeaders(end_offset); 790 if (rv < 0) 791 return rv; 792 return result; 793 } 794 795 read_buf_->set_offset(read_buf_->offset() + result); 796 DCHECK_LE(read_buf_->offset(), read_buf_->capacity()); 797 DCHECK_GE(result, 0); 798 799 int end_of_header_offset = ParseResponseHeaders(); 800 801 // Note: -1 is special, it indicates we haven't found the end of headers. 802 // Anything less than -1 is a net::Error, so we bail out. 803 if (end_of_header_offset < -1) 804 return end_of_header_offset; 805 806 if (end_of_header_offset == -1) { 807 io_state_ = STATE_READ_HEADERS; 808 // Prevent growing the headers buffer indefinitely. 809 if (read_buf_->offset() >= kMaxHeaderBufSize) { 810 io_state_ = STATE_DONE; 811 return ERR_RESPONSE_HEADERS_TOO_BIG; 812 } 813 } else { 814 CalculateResponseBodySize(); 815 // If the body is zero length, the caller may not call ReadResponseBody, 816 // which is where any extra data is copied to read_buf_, so we move the 817 // data here. 818 if (response_body_length_ == 0) { 819 int extra_bytes = read_buf_->offset() - end_of_header_offset; 820 if (extra_bytes) { 821 CHECK_GT(extra_bytes, 0); 822 memmove(read_buf_->StartOfBuffer(), 823 read_buf_->StartOfBuffer() + end_of_header_offset, 824 extra_bytes); 825 } 826 read_buf_->SetCapacity(extra_bytes); 827 if (response_->headers->response_code() / 100 == 1) { 828 // After processing a 1xx response, the caller will ask for the next 829 // header, so reset state to support that. We don't completely ignore a 830 // 1xx response because it cannot be returned in reply to a CONNECT 831 // request so we return OK here, which lets the caller inspect the 832 // response and reject it in the event that we're setting up a CONNECT 833 // tunnel. 834 response_header_start_offset_ = -1; 835 response_body_length_ = -1; 836 // Now waiting for the second set of headers to be read. 837 } else { 838 io_state_ = STATE_DONE; 839 } 840 return OK; 841 } 842 843 // Note where the headers stop. 844 read_buf_unused_offset_ = end_of_header_offset; 845 // Now waiting for the body to be read. 846 } 847 return result; 848} 849 850int HttpStreamParser::ParseResponseHeaders() { 851 int end_offset = -1; 852 DCHECK_EQ(0, read_buf_unused_offset_); 853 854 // Look for the start of the status line, if it hasn't been found yet. 855 if (response_header_start_offset_ < 0) { 856 response_header_start_offset_ = HttpUtil::LocateStartOfStatusLine( 857 read_buf_->StartOfBuffer(), read_buf_->offset()); 858 } 859 860 if (response_header_start_offset_ >= 0) { 861 end_offset = HttpUtil::LocateEndOfHeaders(read_buf_->StartOfBuffer(), 862 read_buf_->offset(), 863 response_header_start_offset_); 864 } else if (read_buf_->offset() >= 8) { 865 // Enough data to decide that this is an HTTP/0.9 response. 866 // 8 bytes = (4 bytes of junk) + "http".length() 867 end_offset = 0; 868 } 869 870 if (end_offset == -1) 871 return -1; 872 873 int rv = DoParseResponseHeaders(end_offset); 874 if (rv < 0) 875 return rv; 876 return end_offset; 877} 878 879int HttpStreamParser::DoParseResponseHeaders(int end_offset) { 880 scoped_refptr<HttpResponseHeaders> headers; 881 DCHECK_EQ(0, read_buf_unused_offset_); 882 883 if (response_header_start_offset_ >= 0) { 884 received_bytes_ += end_offset; 885 headers = new HttpResponseHeaders(HttpUtil::AssembleRawHeaders( 886 read_buf_->StartOfBuffer(), end_offset)); 887 } else { 888 // Enough data was read -- there is no status line. 889 headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK")); 890 } 891 892 // Check for multiple Content-Length headers with no Transfer-Encoding header. 893 // If they exist, and have distinct values, it's a potential response 894 // smuggling attack. 895 if (!headers->HasHeader("Transfer-Encoding")) { 896 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Content-Length")) 897 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH; 898 } 899 900 // Check for multiple Content-Disposition or Location headers. If they exist, 901 // it's also a potential response smuggling attack. 902 if (HeadersContainMultipleCopiesOfField(*headers.get(), 903 "Content-Disposition")) 904 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION; 905 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Location")) 906 return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION; 907 908 response_->headers = headers; 909 response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1; 910 response_->vary_data.Init(*request_, *response_->headers.get()); 911 DVLOG(1) << __FUNCTION__ << "()" 912 << " content_length = \"" << response_->headers->GetContentLength() 913 << "\n\"" 914 << " headers = \"" 915 << GetResponseHeaderLines(*response_->headers.get()) << "\""; 916 return OK; 917} 918 919void HttpStreamParser::CalculateResponseBodySize() { 920 // Figure how to determine EOF: 921 922 // For certain responses, we know the content length is always 0. From 923 // RFC 2616 Section 4.3 Message Body: 924 // 925 // For response messages, whether or not a message-body is included with 926 // a message is dependent on both the request method and the response 927 // status code (section 6.1.1). All responses to the HEAD request method 928 // MUST NOT include a message-body, even though the presence of entity- 929 // header fields might lead one to believe they do. All 1xx 930 // (informational), 204 (no content), and 304 (not modified) responses 931 // MUST NOT include a message-body. All other responses do include a 932 // message-body, although it MAY be of zero length. 933 if (response_->headers->response_code() / 100 == 1) { 934 response_body_length_ = 0; 935 } else { 936 switch (response_->headers->response_code()) { 937 case 204: // No Content 938 case 205: // Reset Content 939 case 304: // Not Modified 940 response_body_length_ = 0; 941 break; 942 } 943 } 944 if (request_->method == "HEAD") 945 response_body_length_ = 0; 946 947 if (response_body_length_ == -1) { 948 // "Transfer-Encoding: chunked" trumps "Content-Length: N" 949 if (response_->headers->IsChunkEncoded()) { 950 chunked_decoder_.reset(new HttpChunkedDecoder()); 951 } else { 952 response_body_length_ = response_->headers->GetContentLength(); 953 // If response_body_length_ is still -1, then we have to wait 954 // for the server to close the connection. 955 } 956 } 957} 958 959UploadProgress HttpStreamParser::GetUploadProgress() const { 960 if (!request_->upload_data_stream) 961 return UploadProgress(); 962 963 return UploadProgress(request_->upload_data_stream->position(), 964 request_->upload_data_stream->size()); 965} 966 967bool HttpStreamParser::IsResponseBodyComplete() const { 968 if (chunked_decoder_.get()) 969 return chunked_decoder_->reached_eof(); 970 if (response_body_length_ != -1) 971 return response_body_read_ >= response_body_length_; 972 973 return false; // Must read to EOF. 974} 975 976bool HttpStreamParser::CanFindEndOfResponse() const { 977 return chunked_decoder_.get() || response_body_length_ >= 0; 978} 979 980bool HttpStreamParser::IsMoreDataBuffered() const { 981 return read_buf_->offset() > read_buf_unused_offset_; 982} 983 984bool HttpStreamParser::IsConnectionReused() const { 985 ClientSocketHandle::SocketReuseType reuse_type = connection_->reuse_type(); 986 return connection_->is_reused() || 987 reuse_type == ClientSocketHandle::UNUSED_IDLE; 988} 989 990void HttpStreamParser::SetConnectionReused() { 991 connection_->set_reuse_type(ClientSocketHandle::REUSED_IDLE); 992} 993 994bool HttpStreamParser::IsConnectionReusable() const { 995 return connection_->socket() && connection_->socket()->IsConnectedAndIdle(); 996} 997 998void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) { 999 if (request_->url.SchemeIsSecure() && connection_->socket()) { 1000 SSLClientSocket* ssl_socket = 1001 static_cast<SSLClientSocket*>(connection_->socket()); 1002 ssl_socket->GetSSLInfo(ssl_info); 1003 } 1004} 1005 1006void HttpStreamParser::GetSSLCertRequestInfo( 1007 SSLCertRequestInfo* cert_request_info) { 1008 if (request_->url.SchemeIsSecure() && connection_->socket()) { 1009 SSLClientSocket* ssl_socket = 1010 static_cast<SSLClientSocket*>(connection_->socket()); 1011 ssl_socket->GetSSLCertRequestInfo(cert_request_info); 1012 } 1013} 1014 1015int HttpStreamParser::EncodeChunk(const base::StringPiece& payload, 1016 char* output, 1017 size_t output_size) { 1018 if (output_size < payload.size() + kChunkHeaderFooterSize) 1019 return ERR_INVALID_ARGUMENT; 1020 1021 char* cursor = output; 1022 // Add the header. 1023 const int num_chars = base::snprintf(output, output_size, 1024 "%X\r\n", 1025 static_cast<int>(payload.size())); 1026 cursor += num_chars; 1027 // Add the payload if any. 1028 if (payload.size() > 0) { 1029 memcpy(cursor, payload.data(), payload.size()); 1030 cursor += payload.size(); 1031 } 1032 // Add the trailing CRLF. 1033 memcpy(cursor, "\r\n", 2); 1034 cursor += 2; 1035 1036 return cursor - output; 1037} 1038 1039// static 1040bool HttpStreamParser::ShouldMergeRequestHeadersAndBody( 1041 const std::string& request_headers, 1042 const UploadDataStream* request_body) { 1043 if (request_body != NULL && 1044 // IsInMemory() ensures that the request body is not chunked. 1045 request_body->IsInMemory() && 1046 request_body->size() > 0) { 1047 size_t merged_size = request_headers.size() + request_body->size(); 1048 if (merged_size <= kMaxMergedHeaderAndBodySize) 1049 return true; 1050 } 1051 return false; 1052} 1053 1054} // namespace net 1055