1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24 #include "tool_setup.h"
25
26 #include "strcase.h"
27 #ifdef HAVE_UNISTD_H
28 #include <unistd.h>
29 #endif
30
31 #define ENABLE_CURLX_PRINTF
32 /* use our own printf() functions */
33 #include "curlx.h"
34
35 #include "tool_cfgable.h"
36 #include "tool_doswin.h"
37 #include "tool_msgs.h"
38 #include "tool_cb_hdr.h"
39 #include "tool_cb_wrt.h"
40 #include "tool_operate.h"
41 #include "tool_libinfo.h"
42
43 #include "memdebug.h" /* keep this as LAST include */
44
45 static char *parse_filename(const char *ptr, size_t len);
46
/* Escape sequence that switches bold text on; identical on every platform */
#define BOLD "\x1b[1m"

#ifdef _WIN32
/* Windows builds use the explicit bold-off code (22) */
#define BOLDOFF "\x1b[22m"
#else
/* Everywhere else bold is switched off with "all attributes off", since the
   explicit bold-off code (21) isn't supported everywhere - like in the mac
   Terminal. */
#define BOLDOFF "\x1b[0m"

/* OSC 8 hyperlink escape sequence: LINK <url> LINKST <text> LINKOFF.
   Only defined for non-Windows builds. */
#define LINK "\x1b]8;;"
#define LINKST "\x1b\\"
#define LINKOFF LINK LINKST
#endif
61
62 #ifdef LINK
63 static void write_linked_location(CURL *curl, const char *location,
64 size_t loclen, FILE *stream);
65 #endif
66
67 /*
68 ** callback for CURLOPT_HEADERFUNCTION
69 */
70
tool_header_cb(char * ptr,size_t size,size_t nmemb,void * userdata)71 size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
72 {
73 struct per_transfer *per = userdata;
74 struct HdrCbData *hdrcbdata = &per->hdrcbdata;
75 struct OutStruct *outs = &per->outs;
76 struct OutStruct *heads = &per->heads;
77 struct OutStruct *etag_save = &per->etag_save;
78 const char *str = ptr;
79 const size_t cb = size * nmemb;
80 const char *end = (char *)ptr + cb;
81 const char *scheme = NULL;
82
83 if(!per->config)
84 return CURL_WRITEFUNC_ERROR;
85
86 #ifdef DEBUGBUILD
87 if(size * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
88 warnf(per->config->global, "Header data exceeds single call write limit");
89 return CURL_WRITEFUNC_ERROR;
90 }
91 #endif
92
93 #ifdef _WIN32
94 /* Discard incomplete UTF-8 sequence buffered from body */
95 if(outs->utf8seq[0])
96 memset(outs->utf8seq, 0, sizeof(outs->utf8seq));
97 #endif
98
99 /*
100 * Write header data when curl option --dump-header (-D) is given.
101 */
102
103 if(per->config->headerfile && heads->stream) {
104 size_t rc = fwrite(ptr, size, nmemb, heads->stream);
105 if(rc != cb)
106 return rc;
107 /* flush the stream to send off what we got earlier */
108 (void)fflush(heads->stream);
109 }
110
111 curl_easy_getinfo(per->curl, CURLINFO_SCHEME, &scheme);
112 scheme = proto_token(scheme);
113 if((scheme == proto_http || scheme == proto_https)) {
114 long response = 0;
115 curl_easy_getinfo(per->curl, CURLINFO_RESPONSE_CODE, &response);
116
117 if(response/100 != 2)
118 /* only care about these headers in 2xx responses */
119 ;
120 /*
121 * Write etag to file when --etag-save option is given.
122 */
123 else if(per->config->etag_save_file && etag_save->stream &&
124 /* match only header that start with etag (case insensitive) */
125 checkprefix("etag:", str)) {
126 const char *etag_h = &str[5];
127 const char *eot = end - 1;
128 if(*eot == '\n') {
129 while(ISBLANK(*etag_h) && (etag_h < eot))
130 etag_h++;
131 while(ISSPACE(*eot))
132 eot--;
133
134 if(eot >= etag_h) {
135 size_t etag_length = eot - etag_h + 1;
136 /*
137 * Truncate the etag save stream, it can have an existing etag value.
138 */
139 #ifdef HAVE_FTRUNCATE
140 if(ftruncate(fileno(etag_save->stream), 0)) {
141 return CURL_WRITEFUNC_ERROR;
142 }
143 #else
144 if(fseek(etag_save->stream, 0, SEEK_SET)) {
145 return CURL_WRITEFUNC_ERROR;
146 }
147 #endif
148
149 fwrite(etag_h, size, etag_length, etag_save->stream);
150 /* terminate with newline */
151 fputc('\n', etag_save->stream);
152 (void)fflush(etag_save->stream);
153 }
154 }
155 }
156
157 /*
158 * This callback sets the filename where output shall be written when
159 * curl options --remote-name (-O) and --remote-header-name (-J) have
160 * been simultaneously given and additionally server returns an HTTP
161 * Content-Disposition header specifying a filename property.
162 */
163
164 else if(hdrcbdata->honor_cd_filename &&
165 (cb > 20) && checkprefix("Content-disposition:", str)) {
166 const char *p = str + 20;
167
168 /* look for the 'filename=' parameter
169 (encoded filenames (*=) are not supported) */
170 for(;;) {
171 char *filename;
172 size_t len;
173
174 while((p < end) && *p && !ISALPHA(*p))
175 p++;
176 if(p > end - 9)
177 break;
178
179 if(memcmp(p, "filename=", 9)) {
180 /* no match, find next parameter */
181 while((p < end) && *p && (*p != ';'))
182 p++;
183 if((p < end) && *p)
184 continue;
185 else
186 break;
187 }
188 p += 9;
189
190 len = cb - (size_t)(p - str);
191 filename = parse_filename(p, len);
192 if(filename) {
193 if(outs->stream) {
194 /* indication of problem, get out! */
195 free(filename);
196 return CURL_WRITEFUNC_ERROR;
197 }
198
199 if(per->config->output_dir) {
200 outs->filename = aprintf("%s/%s", per->config->output_dir,
201 filename);
202 free(filename);
203 if(!outs->filename)
204 return CURL_WRITEFUNC_ERROR;
205 }
206 else
207 outs->filename = filename;
208
209 outs->is_cd_filename = TRUE;
210 outs->s_isreg = TRUE;
211 outs->fopened = FALSE;
212 outs->alloc_filename = TRUE;
213 hdrcbdata->honor_cd_filename = FALSE; /* done now! */
214 if(!tool_create_output_file(outs, per->config))
215 return CURL_WRITEFUNC_ERROR;
216 }
217 break;
218 }
219 if(!outs->stream && !tool_create_output_file(outs, per->config))
220 return CURL_WRITEFUNC_ERROR;
221 }
222 }
223 if(hdrcbdata->config->writeout) {
224 char *value = memchr(ptr, ':', cb);
225 if(value) {
226 if(per->was_last_header_empty)
227 per->num_headers = 0;
228 per->was_last_header_empty = FALSE;
229 per->num_headers++;
230 }
231 else if(ptr[0] == '\r' || ptr[0] == '\n')
232 per->was_last_header_empty = TRUE;
233 }
234 if(hdrcbdata->config->show_headers &&
235 (scheme == proto_http || scheme == proto_https ||
236 scheme == proto_rtsp || scheme == proto_file)) {
237 /* bold headers only for selected protocols */
238 char *value = NULL;
239
240 if(!outs->stream && !tool_create_output_file(outs, per->config))
241 return CURL_WRITEFUNC_ERROR;
242
243 if(hdrcbdata->global->isatty &&
244 #ifdef _WIN32
245 tool_term_has_bold &&
246 #endif
247 hdrcbdata->global->styled_output)
248 value = memchr(ptr, ':', cb);
249 if(value) {
250 size_t namelen = value - ptr;
251 fprintf(outs->stream, BOLD "%.*s" BOLDOFF ":", (int)namelen, ptr);
252 #ifndef LINK
253 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
254 #else
255 if(curl_strnequal("Location", ptr, namelen)) {
256 write_linked_location(per->curl, &value[1], cb - namelen - 1,
257 outs->stream);
258 }
259 else
260 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
261 #endif
262 }
263 else
264 /* not "handled", just show it */
265 fwrite(ptr, cb, 1, outs->stream);
266 }
267 return cb;
268 }
269
/*
 * parse_filename() extracts a filename from the 'len' bytes at 'ptr', which
 * is the data following "filename=" in a Content-Disposition header. The
 * input does not need to be NUL-terminated.
 *
 * - A value starting with a single or double quote ends at the matching
 *   quote, any other value ends at the first ';'.
 * - Everything up to and including the last '/' and the last '\' is removed.
 * - The name is cut at the first CR or LF.
 *
 * Returns an ALLOCATED string the caller must free, or NULL on allocation
 * failure or when no filename remains after the trimming above.
 */
static char *parse_filename(const char *ptr, size_t len)
{
  char *copy;
  char *p;
  char *q;
  char stop;

  /* simple implementation of strndup() */
  copy = malloc(len + 1);
  if(!copy)
    return NULL;
  memcpy(copy, ptr, len);
  copy[len] = '\0';

  p = copy;
  if(*p == '\'' || *p == '"') {
    /* store the starting quote */
    stop = *p;
    p++;
  }
  else
    stop = ';';

  /* scan for the end letter and stop there */
  q = strchr(p, stop);
  if(q)
    *q = '\0';

  /* if the filename contains a path, only use filename portion */
  q = strrchr(p, '/');
  if(q)
    p = q + 1;

  /* If the filename contains a backslash, only use filename portion. The idea
     is that even systems that don't handle backslashes as path separators
     probably want the path removed for convenience. */
  q = strrchr(p, '\\');
  if(q)
    p = q + 1;

  /* make sure the file name doesn't end in \r or \n */
  p[strcspn(p, "\r\n")] = '\0';

  /* Check for an empty name only now that all trimming is done. An unquoted
     value normally still carries the header's line ending at this point in
     the scan, so checking earlier would let "dir/\r\n" through as "". */
  if(!*p) {
    free(copy);
    return NULL;
  }

  /* move the name to the start of the allocation that gets returned */
  if(copy != p)
    memmove(copy, p, strlen(p) + 1);

#if defined(_WIN32) || defined(MSDOS)
  {
    char *sanitized;
    SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0);
    free(copy);
    if(sc)
      return NULL;
    copy = sanitized;
  }
#endif /* _WIN32 || MSDOS */

  /* in case we built debug enabled, we allow an environment variable
   * named CURL_TESTDIR to prefix the given file name to put it into a
   * specific directory
   */
#ifdef DEBUGBUILD
  {
    char *tdir = curl_getenv("CURL_TESTDIR");
    if(tdir) {
      char buffer[512]; /* suitably large */
      msnprintf(buffer, sizeof(buffer), "%s/%s", tdir, copy);
      free(copy);
      copy = strdup(buffer); /* clone the buffer, we don't use the libcurl
                                aprintf() or similar since we want to use the
                                same memory code as the "real" parse_filename
                                function */
      curl_free(tdir);
    }
  }
#endif

  return copy;
}
368
#ifdef LINK
/*
 * write_linked_location() writes the value part of a Location: header to
 * 'stream', wrapped in an escape sequence that turns the displayed text
 * into a hyperlink to the absolute redirect URL. This makes relative
 * redirect URLs clickable in terminals that support such links. The
 * Location: header is supposed to always be absolute, but the real world
 * returns plenty of relative URLs.
 *
 * 'location' holds 'loclen' bytes: everything after the header's colon.
 *
 * The value is written unmodified, without a link, when VTE_VERSION names
 * an old VTE version, when any step of building the absolute URL fails, or
 * when the resulting scheme is not http, https, ftp or ftps.
 */
static
void write_linked_location(CURL *curl, const char *location, size_t loclen,
                           FILE *stream)
{
  /* This would be so simple if CURLINFO_REDIRECT_URL were available here */
  static const char * const linkable[] = { "http", "https", "ftp", "ftps" };
  CURLU *uh = NULL;
  char *stripped = NULL;
  char *baseurl = NULL;
  char *proto = NULL;
  char *absurl = NULL;
  const char *start = location;
  size_t remain = loclen;
  int lead = 0;
  int linked = 0;
  size_t i;
  char *vte = getenv("VTE_VERSION");

  if(vte) {
    /* Skip formatting for old versions of VTE <= 0.48.1 (Mar 2017) since some
       of those versions have formatting bugs. (#10428) */
    long vnum = strtol(vte, NULL, 10);
    if(0 < vnum && vnum <= 4801)
      goto done;
  }

  /* Step over leading spaces and tabs, remembering how many there were */
  for(; remain && (*start == ' ' || *start == '\t'); ++start, --remain)
    ++lead;

  /* Drop the trailing end-of-line characters, normally "\r\n" */
  while(remain && (start[remain - 1] == '\n' || start[remain - 1] == '\r'))
    --remain;

  /* CURLU makes it easy to handle the relative URL case */
  uh = curl_url();
  if(!uh)
    goto done;

  /* NUL-terminated, whitespace-stripped copy of the Location: value */
  stripped = malloc(remain + 1);
  if(!stripped)
    goto done;
  memcpy(stripped, start, remain);
  stripped[remain] = 0;

  /* Set the original URL first as the base, then apply the redirect target
     (absolute or relative) on top of it and read back the combined URL and
     its scheme. The first failing step ends the attempt. */
  if(curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &baseurl) ||
     curl_url_set(uh, CURLUPART_URL, baseurl, 0) ||
     curl_url_set(uh, CURLUPART_URL, stripped, 0) ||
     curl_url_get(uh, CURLUPART_URL, &absurl, CURLU_NO_DEFAULT_PORT) ||
     curl_url_get(uh, CURLUPART_SCHEME, &proto, 0))
    goto done;

  /* Only linkify URLs with a "safe" scheme */
  for(i = 0; i < sizeof(linkable) / sizeof(linkable[0]); i++) {
    if(!strcmp(linkable[i], proto)) {
      fprintf(stream, "%.*s" LINK "%s" LINKST "%.*s" LINKOFF,
              lead, location,
              absurl,
              (int)loclen - lead, start);
      linked = 1;
      break;
    }
  }

done:
  /* Write the normal output in case of error or unsafe */
  if(!linked)
    fwrite(location, loclen, 1, stream);

  if(uh) {
    curl_free(absurl);
    curl_free(proto);
    curl_url_cleanup(uh);
    free(stripped);
  }
}
#endif
463