1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/http_stream_parser.h"
6 
7 #include "base/bind.h"
8 #include "base/compiler_specific.h"
9 #include "base/logging.h"
10 #include "base/strings/string_util.h"
11 #include "base/values.h"
12 #include "net/base/io_buffer.h"
13 #include "net/base/ip_endpoint.h"
14 #include "net/base/upload_data_stream.h"
15 #include "net/http/http_chunked_decoder.h"
16 #include "net/http/http_request_headers.h"
17 #include "net/http/http_request_info.h"
18 #include "net/http/http_response_headers.h"
19 #include "net/http/http_util.h"
20 #include "net/socket/client_socket_handle.h"
21 #include "net/socket/ssl_client_socket.h"
22 
23 namespace net {
24 
25 namespace {
26 
// Size limit, in bytes, for a request whose headers and body are merged into
// a single write. NOTE(review): presumably consulted by
// ShouldMergeRequestHeadersAndBody(), which is defined outside this part of
// the file -- confirm.
const size_t kMaxMergedHeaderAndBodySize = 1400;

// Capacity, in bytes, of the buffer the request body is sent from (16 KiB).
// SendRequest() sizes |request_body_send_buf_| with it.
const size_t kRequestBodyBufferSize = 16 * 1024;
29 
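// Converts the NUL-separated raw header block of |headers| into text with one
// header per "\n"-terminated line. Conversion stops at the first empty line,
// i.e. at the double NUL that ends a well-formed raw header block.
//
// The walk is bounded by the string's size instead of relying on strlen() and
// a trailing double NUL. Response headers are data received from the peer, so
// a block that lacks the terminator must not lead to a read past the end of
// the string.
std::string GetResponseHeaderLines(const HttpResponseHeaders& headers) {
  const std::string& raw_headers = headers.raw_headers();
  std::string newline_separated_headers;
  std::string::size_type line_start = 0;
  while (line_start < raw_headers.size() && raw_headers[line_start] != '\0') {
    std::string::size_type line_end = raw_headers.find('\0', line_start);
    if (line_end == std::string::npos)
      line_end = raw_headers.size();  // Final line without a NUL terminator.
    newline_separated_headers.append(raw_headers, line_start,
                                     line_end - line_start);
    newline_separated_headers += "\n";
    line_start = line_end + 1;
  }
  return newline_separated_headers;
}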
42 
// Reports whether |headers| holds more than one |field_name| header and at
// least one of the later ones differs in value from the first. Repeated
// headers that all carry the same value do not count.
bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers,
                                         const std::string& field_name) {
  void* iter = NULL;
  std::string first_value;
  const bool has_field =
      headers.EnumerateHeader(&iter, field_name, &first_value);
  if (has_field) {
    // Compare every further occurrence against the first one.
    std::string other_value;
    while (headers.EnumerateHeader(&iter, field_name, &other_value)) {
      if (other_value != first_value)
        return true;
    }
  }
  return false;
}
60 
// Builds the NetLog parameters for a "send request body" event: the body
// |length| plus whether the body is chunked and whether it was merged with
// the headers. The dictionary is allocated with new and handed to the caller
// as a raw pointer. The log level argument is ignored.
base::Value* NetLogSendRequestBodyCallback(int length,
                                           bool is_chunked,
                                           bool did_merge,
                                           NetLog::LogLevel /* log_level */) {
  base::DictionaryValue* params = new base::DictionaryValue();
  params->SetInteger("length", length);
  params->SetBoolean("is_chunked", is_chunked);
  params->SetBoolean("did_merge", did_merge);
  return params;
}
71 
// Decides whether, after |error_code| interrupted the upload of a request
// body, the parser should still try to read a response so that the server
// gets a chance to deliver a body with error information. Only
// ERR_CONNECTION_RESET qualifies.
bool ShouldTryReadingOnUploadError(int error_code) {
  switch (error_code) {
    case ERR_CONNECTION_RESET:
      return true;
    default:
      return false;
  }
}
78 
79 }  // namespace
80 
81 // Similar to DrainableIOBuffer(), but this version comes with its own
82 // storage. The motivation is to avoid repeated allocations of
83 // DrainableIOBuffer.
84 //
85 // Example:
86 //
87 // scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024);
88 // // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0.
89 // // data() points to the beginning of the buffer.
90 //
91 // // Read() takes an IOBuffer.
92 // int bytes_read = some_reader->Read(buf, buf->capacity());
93 // buf->DidAppend(bytes_read);
94 // // size() == BytesRemaining() == bytes_read. data() is unaffected.
95 //
96 // while (buf->BytesRemaining() > 0) {
97 //   // Write() takes an IOBuffer. If it takes const char*, we could
98 //   // simply use the regular IOBuffer like buf->data() + offset.
99 //   int bytes_written = Write(buf, buf->BytesRemaining());
100 //   buf->DidConsume(bytes_written);
101 // }
102 // // BytesRemaining() == 0. BytesConsumed() == size().
103 // // data() points to the end of the consumed bytes (exclusive).
104 //
105 // // If you want to reuse the buffer, be sure to clear the buffer.
106 // buf->Clear();
107 // // size() == BytesRemaining() == BytesConsumed() == 0.
108 // // data() points to the beginning of the buffer.
109 //
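class HttpStreamParser::SeekableIOBuffer : public IOBuffer {
 public:
  // Creates a buffer with |capacity| bytes of storage. It starts out empty:
  // size() == BytesRemaining() == 0 and data() points at the first byte.
  explicit SeekableIOBuffer(int capacity)
    : IOBuffer(capacity),
      real_data_(data_),
      capacity_(capacity),
      size_(0),
      used_(0) {
  }

  // Marks |bytes| more bytes as consumed. |data_| is moved forward so that
  // it always points to the first unconsumed byte.
  void DidConsume(int bytes) {
    SetOffset(used_ + bytes);
  }

  // Returns the number of unconsumed bytes.
  int BytesRemaining() const {
    return size_ - used_;
  }

  // Seeks to an arbitrary point in the buffer. The notions of bytes consumed
  // and bytes remaining are updated to match.
  void SetOffset(int bytes) {
    // The range is enforced by DCHECK only, and DCHECKs are typically
    // compiled out of release builds. Callers must keep |bytes| within
    // [0, size_]; an out-of-range offset would leave |data_| pointing
    // outside the allocation.
    DCHECK_GE(bytes, 0);
    DCHECK_LE(bytes, size_);
    used_ = bytes;
    data_ = real_data_ + used_;
  }

  // Called after data has been added to the buffer. Grows |size_| by
  // |bytes|; data() is unaffected.
  void DidAppend(int bytes) {
    DCHECK_GE(bytes, 0);
    // Compare against the free space rather than computing |size_ + bytes|,
    // so the guard itself cannot overflow a signed int.
    DCHECK_LE(bytes, capacity_ - size_);
    size_ += bytes;
  }

  // Resets the logical size and the offset to 0 so the buffer can be reused.
  void Clear() {
    size_ = 0;
    SetOffset(0);
  }

  // Returns the logical size of the buffer (i.e. the number of bytes of data
  // in the buffer).
  int size() const { return size_; }

  // Returns the capacity of the buffer, which is the size given when the
  // object was created.
  int capacity() const { return capacity_; }

 private:
  virtual ~SeekableIOBuffer() {
    // Restore the original pointer before the base class runs:
    // data_ will be deleted in IOBuffer::~IOBuffer().
    data_ = real_data_;
  }

  char* real_data_;     // Start of the storage; |data_| moves, this does not.
  const int capacity_;  // Total bytes of storage.
  int size_;            // Bytes of valid data in the buffer.
  int used_;            // Bytes consumed so far; the offset of |data_|.
};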
174 
// Worst-case framing overhead of one encoded chunk: two CRLFs (2 bytes each)
// plus at most 8 hex characters for the chunk size.
const size_t HttpStreamParser::kChunkHeaderFooterSize = 2 * 2 + 8;
177 
// Sets up a parser for one request/response exchange over |connection|.
// |request|, |read_buffer| and |connection| are stored as given; the parser
// starts in STATE_NONE with no response body length known (-1).
HttpStreamParser::HttpStreamParser(ClientSocketHandle* connection,
                                   const HttpRequestInfo* request,
                                   GrowableIOBuffer* read_buffer,
                                   const BoundNetLog& net_log)
    : io_state_(STATE_NONE),
      request_(request),
      request_headers_(NULL),
      request_headers_length_(0),
      read_buf_(read_buffer),
      read_buf_unused_offset_(0),
      response_header_start_offset_(-1),
      received_bytes_(0),
      response_body_length_(-1),
      response_body_read_(0),
      user_read_buf_(NULL),
      user_read_buf_len_(0),
      connection_(connection),
      net_log_(net_log),
      sent_last_chunk_(false),
      upload_error_(OK),
      weak_ptr_factory_(this) {
  // The I/O callback is bound to a weak pointer rather than to |this|, so
  // the callback does not hold a raw pointer to the parser.
  base::WeakPtr<HttpStreamParser> weak_this = weak_ptr_factory_.GetWeakPtr();
  io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete, weak_this);
}
202 
// Intentionally empty: the destructor performs no explicit cleanup.
HttpStreamParser::~HttpStreamParser() {}
205 
// Starts sending the request: |request_line| followed by |headers| and, when
// |request_->upload_data_stream| is set, the request body. The peer's address
// is recorded in |response| first.
//
// Returns OK if the send finished synchronously, ERR_IO_PENDING if it will
// finish later (|callback| is kept and run at that point), or the error that
// stopped the send.
int HttpStreamParser::SendRequest(const std::string& request_line,
                                  const HttpRequestHeaders& headers,
                                  HttpResponseInfo* response,
                                  const CompletionCallback& callback) {
  DCHECK_EQ(STATE_NONE, io_state_);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK(response);

  net_log_.AddEvent(
      NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS,
      base::Bind(&HttpRequestHeaders::NetLogCallback,
                 base::Unretained(&headers),
                 &request_line));

  DVLOG(1) << __FUNCTION__ << "()"
           << " request_line = \"" << request_line << "\""
           << " headers = \"" << headers.ToString() << "\"";
  response_ = response;

  // Store the peer's IP address and port in the response. Failing to obtain
  // them aborts the request before anything is written.
  IPEndPoint peer_endpoint;
  int result = connection_->socket()->GetPeerAddress(&peer_endpoint);
  if (result != OK)
    return result;
  response_->socket_address = HostPortPair::FromIPEndPoint(peer_endpoint);

  std::string request = request_line + headers.ToString();
  request_headers_length_ = request.size();

  if (request_->upload_data_stream != NULL) {
    request_body_send_buf_ = new SeekableIOBuffer(kRequestBodyBufferSize);
    if (!request_->upload_data_stream->is_chunked()) {
      // The body is sent as raw data, so reading and sending share a buffer.
      request_body_read_buf_ = request_body_send_buf_;
    } else {
      // The read buffer is smaller than the send buffer by the chunk framing
      // overhead, which guarantees that |request_body_send_buf_| is large
      // enough to hold the encoded chunk.
      request_body_read_buf_ =
          new SeekableIOBuffer(kRequestBodyBufferSize - kChunkHeaderFooterSize);
    }
  }

  io_state_ = STATE_SEND_HEADERS;

  if (ShouldMergeRequestHeadersAndBody(request, request_->upload_data_stream)) {
    // A small request body is merged with the headers into a single write.
    // |request_headers_| is repurposed to hold the merged headers and body.
    size_t merged_size =
        request_headers_length_ + request_->upload_data_stream->size();
    scoped_refptr<IOBuffer> merged_request_headers_and_body(
        new IOBuffer(merged_size));
    request_headers_ = new DrainableIOBuffer(
        merged_request_headers_and_body.get(), merged_size);

    memcpy(request_headers_->data(), request.data(), request_headers_length_);
    request_headers_->DidConsume(request_headers_length_);

    // NOTE(review): |consumed| is only DCHECKed. The loop relies on Read()
    // returning a positive count synchronously; a non-positive value in a
    // build without DCHECKs would corrupt the accounting below.
    size_t remaining = request_->upload_data_stream->size();
    while (remaining) {
      int consumed = request_->upload_data_stream
          ->Read(request_headers_.get(), remaining, CompletionCallback());
      DCHECK_GT(consumed, 0);  // Read() won't fail if not chunked.
      request_headers_->DidConsume(consumed);
      remaining -= consumed;
    }
    DCHECK(request_->upload_data_stream->IsEOF());
    // Rewind, so the buffer can be read from the beginning.
    request_headers_->SetOffset(0);

    net_log_.AddEvent(
        NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
        base::Bind(&NetLogSendRequestBodyCallback,
                   request_->upload_data_stream->size(),
                   false, /* not chunked */
                   true /* merged */));
  } else {
    // Without a merge, |request_headers_| contains just the HTTP headers.
    scoped_refptr<StringIOBuffer> headers_io_buf(new StringIOBuffer(request));
    request_headers_ =
        new DrainableIOBuffer(headers_io_buf.get(), headers_io_buf->size());
  }

  result = DoLoop(OK);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  // A positive result is a byte count; callers only see OK or an error.
  if (result > 0)
    return OK;
  return result;
}
302 
// Reads and parses the response headers. Data already sitting in |read_buf_|
// is processed first, as if it had just arrived from the socket.
//
// Returns OK on synchronous completion, ERR_IO_PENDING if the read continues
// asynchronously (|callback| is kept and run later), or an error code.
int HttpStreamParser::ReadResponseHeaders(const CompletionCallback& callback) {
  DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK_EQ(0, read_buf_unused_offset_);

  // STATE_DONE is possible here if the connection was closed after seeing
  // just a 1xx response code.
  if (io_state_ == STATE_DONE)
    return ERR_CONNECTION_CLOSED;

  io_state_ = STATE_READ_HEADERS;
  int result = OK;

  const int buffered_bytes = read_buf_->offset();
  if (buffered_bytes > 0) {
    // Simulate the state where this data was just read from the socket.
    result = buffered_bytes;
    read_buf_->set_offset(0);
  }
  if (result > 0)
    io_state_ = STATE_READ_HEADERS_COMPLETE;

  result = DoLoop(result);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  if (result > 0)
    return OK;
  return result;
}
331 
// Releases the connection. When |not_reusable| is set and a socket is
// present, the socket is disconnected before the handle is reset.
void HttpStreamParser::Close(bool not_reusable) {
  if (not_reusable) {
    if (connection_->socket())
      connection_->socket()->Disconnect();
  }
  connection_->Reset();
}
337 
// Reads response body data into |buf|, which holds |buf_len| bytes.
//
// Returns OK immediately if the parser is already in STATE_DONE. Otherwise
// returns whatever the state machine produces: ERR_IO_PENDING if the read
// continues asynchronously (|callback| is kept and run later), or the result
// of the read.
int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len,
                                       const CompletionCallback& callback) {
  DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK_LE(buf_len, kMaxBufSize);

  if (io_state_ == STATE_DONE)
    return OK;

  io_state_ = STATE_READ_BODY;
  user_read_buf_len_ = buf_len;
  user_read_buf_ = buf;

  const int result = DoLoop(OK);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  return result;
}
358 
// Completion handler for socket and upload-stream I/O: resumes the state
// machine with |result| and, once it no longer reports ERR_IO_PENDING, runs
// the caller's pending callback.
void HttpStreamParser::OnIOComplete(int result) {
  result = DoLoop(result);

  if (result == ERR_IO_PENDING || callback_.is_null())
    return;

  // The client callback can do anything, including destroying this object.
  // It is therefore copied out and cleared first, and run as the very last
  // step so that no member is touched afterwards.
  CompletionCallback pending_callback = callback_;
  callback_.Reset();
  pending_callback.Run(result);
}
370 
// Drives the state machine. Each pass takes the current state, resets
// |io_state_| to STATE_NONE and runs the matching handler, which sets the
// next state. The loop ends when a handler returns ERR_IO_PENDING or when
// the state is left at STATE_DONE or STATE_NONE. Returns the last handler's
// result.
int HttpStreamParser::DoLoop(int result) {
  do {
    DCHECK_NE(ERR_IO_PENDING, result);
    DCHECK_NE(STATE_DONE, io_state_);
    DCHECK_NE(STATE_NONE, io_state_);

    const State current_state = io_state_;
    io_state_ = STATE_NONE;

    switch (current_state) {
      case STATE_SEND_HEADERS:
        DCHECK_EQ(OK, result);
        result = DoSendHeaders();
        break;

      case STATE_SEND_HEADERS_COMPLETE:
        result = DoSendHeadersComplete(result);
        break;

      case STATE_SEND_BODY:
        DCHECK_EQ(OK, result);
        result = DoSendBody();
        break;

      case STATE_SEND_BODY_COMPLETE:
        result = DoSendBodyComplete(result);
        break;

      case STATE_SEND_REQUEST_READ_BODY_COMPLETE:
        result = DoSendRequestReadBodyComplete(result);
        break;

      case STATE_READ_HEADERS:
        net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS);
        DCHECK_GE(result, 0);
        result = DoReadHeaders();
        break;

      case STATE_READ_HEADERS_COMPLETE:
        result = DoReadHeadersComplete(result);
        net_log_.EndEventWithNetErrorCode(
            NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS, result);
        break;

      case STATE_READ_BODY:
        DCHECK_GE(result, 0);
        result = DoReadBody();
        break;

      case STATE_READ_BODY_COMPLETE:
        result = DoReadBodyComplete(result);
        break;

      default:
        NOTREACHED();
        break;
    }
  } while (result != ERR_IO_PENDING &&
           io_state_ != STATE_DONE &&
           io_state_ != STATE_NONE);

  return result;
}
422 
// Writes the unsent part of |request_headers_| to the socket and moves to
// STATE_SEND_HEADERS_COMPLETE. Returns the result of the socket write.
int HttpStreamParser::DoSendHeaders() {
  const int unsent_bytes = request_headers_->BytesRemaining();
  DCHECK_GT(unsent_bytes, 0);

  // Nothing has been sent yet when the whole buffer is still pending. That
  // moment is the best estimate of the 'request time'.
  if (unsent_bytes == request_headers_->size())
    response_->request_time = base::Time::Now();

  io_state_ = STATE_SEND_HEADERS_COMPLETE;
  return connection_->socket()
      ->Write(request_headers_.get(), unsent_bytes, io_callback_);
}
436 
// Handles the result of a header write. A non-negative |result| is the number
// of bytes written; the function then continues with the remaining headers,
// moves on to the request body, or finishes. Returns OK, or the write error
// when it is not one that is stashed in |upload_error_|.
int HttpStreamParser::DoSendHeadersComplete(int result) {
  if (result < 0) {
    // In the unlikely case that the headers and body were merged, all of the
    // headers were sent but not all of the body was, and |result| is an
    // error after which a read should still be attempted: stash the error
    // for now and act as if the request was sent successfully.
    const bool headers_fully_sent =
        request_headers_->BytesConsumed() >= request_headers_length_;
    if (headers_fully_sent && ShouldTryReadingOnUploadError(result)) {
      upload_error_ = result;
      return OK;
    }
    return result;
  }

  request_headers_->DidConsume(result);
  if (request_headers_->BytesRemaining() > 0) {
    // Partial write; send the rest.
    io_state_ = STATE_SEND_HEADERS;
    return OK;
  }

  bool body_pending = false;
  if (request_->upload_data_stream != NULL) {
    // A non-empty stream that is not at EOF was not merged with the headers.
    body_pending =
        request_->upload_data_stream->is_chunked() ||
        (request_->upload_data_stream->size() > 0 &&
         !request_->upload_data_stream->IsEOF());
  }
  if (!body_pending) {
    // Finished sending the request.
    return OK;
  }

  net_log_.AddEvent(
      NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
      base::Bind(&NetLogSendRequestBodyCallback,
                 request_->upload_data_stream->size(),
                 request_->upload_data_stream->is_chunked(),
                 false /* not merged */));
  io_state_ = STATE_SEND_BODY;
  return OK;
}
475 
// Sends the next piece of the request body. Data still waiting in
// |request_body_send_buf_| is written to the socket first. Once that buffer
// is drained, the request is either complete (chunked upload whose last chunk
// was sent) or more data is read from the upload stream.
int HttpStreamParser::DoSendBody() {
  const int unsent_bytes = request_body_send_buf_->BytesRemaining();
  if (unsent_bytes > 0) {
    io_state_ = STATE_SEND_BODY_COMPLETE;
    return connection_->socket()
        ->Write(request_body_send_buf_.get(), unsent_bytes, io_callback_);
  }

  const bool last_chunk_sent =
      request_->upload_data_stream->is_chunked() && sent_last_chunk_;
  if (last_chunk_sent) {
    // Finished sending the request.
    return OK;
  }

  // Refill: start from an empty read buffer and fetch more body data.
  request_body_read_buf_->Clear();
  io_state_ = STATE_SEND_REQUEST_READ_BODY_COMPLETE;
  return request_->upload_data_stream->Read(request_body_read_buf_.get(),
                                            request_body_read_buf_->capacity(),
                                            io_callback_);
}
496 
// Handles the result of a body write. On success the written bytes are marked
// as consumed and the state returns to STATE_SEND_BODY. Returns OK, or the
// write error when it is not one that is stashed in |upload_error_|.
int HttpStreamParser::DoSendBodyComplete(int result) {
  if (result >= 0) {
    request_body_send_buf_->DidConsume(result);
    io_state_ = STATE_SEND_BODY;
    return OK;
  }

  // If |result| is an error after which a read should still be attempted,
  // stash the error for now and act as if the request was sent successfully.
  if (!ShouldTryReadingOnUploadError(result))
    return result;
  upload_error_ = result;
  return OK;
}
513 
// Handles the result of the upload-stream read started by DoSendBody().
// |result| is the number of body bytes read. Chunked bodies are encoded into
// |request_body_send_buf_| first. Data to send moves the state back to
// STATE_SEND_BODY. Returns 0, or the negative value produced by
// EncodeChunk().
int HttpStreamParser::DoSendRequestReadBodyComplete(int result) {
  // NOTE(review): a non-negative |result| is only DCHECKed. In the chunked
  // path below it becomes the StringPiece length, so this relies on the
  // upload stream never reporting an error here.
  DCHECK_GE(result, 0);  // There won't be errors.

  if (request_->upload_data_stream->is_chunked()) {
    if (result == 0) {  // Reached the end.
      DCHECK(request_->upload_data_stream->IsEOF());
      sent_last_chunk_ = true;
    }
    // Chunked data needs to be encoded; the buffer becomes exactly 1 chunk.
    // An empty payload at the end still goes through EncodeChunk().
    const base::StringPiece payload(request_body_read_buf_->data(), result);
    request_body_send_buf_->Clear();
    result = EncodeChunk(payload,
                         request_body_send_buf_->data(),
                         request_body_send_buf_->capacity());
  }

  if (result > 0) {
    // There is data to put on the wire.
    request_body_send_buf_->DidAppend(result);
    io_state_ = STATE_SEND_BODY;
    return 0;
  }

  if (result == 0) {  // Reached the end.
    // Reaching EOF means the request body is finished unless the data is
    // chunked (i.e. there is no terminal chunk to send).
    DCHECK(request_->upload_data_stream->IsEOF());
    DCHECK(!request_->upload_data_stream->is_chunked());
    // Finished sending the request.
  }
  return result;
}
546 
// Issues a socket read for more response header data into |read_buf_|,
// growing the buffer by kHeaderBufInitialSize when it is full. Moves to
// STATE_READ_HEADERS_COMPLETE and returns the result of the socket read.
int HttpStreamParser::DoReadHeaders() {
  io_state_ = STATE_READ_HEADERS_COMPLETE;

  // Grow the read buffer if necessary.
  if (read_buf_->RemainingCapacity() == 0) {
    const int grown_capacity = read_buf_->capacity() + kHeaderBufInitialSize;
    read_buf_->SetCapacity(grown_capacity);
  }

  // http://crbug.com/16371: a buffer whose data pointer was NULL has been
  // observed, so fail hard here instead of handing a NULL pointer to the
  // socket.
  CHECK(read_buf_->data());

  return connection_->socket()
      ->Read(read_buf_.get(), read_buf_->RemainingCapacity(), io_callback_);
}
561 
// Processes the result of a header read and reconciles it with an error
// stashed while uploading the request body (|upload_error_|).
//
// Without a stashed error, or while headers are still being read, the result
// of HandleReadHeaderResult() is returned unchanged. With a stashed error,
// only 1xx, 4xx and 5xx responses are passed through; in every other case the
// headers are hidden from the caller and |upload_error_| is returned.
int HttpStreamParser::DoReadHeadersComplete(int result) {
  result = HandleReadHeaderResult(result);

  // TODO(mmenke):  The code below is ugly and hacky.  A much better and more
  // flexible long term solution would be to separate out the read and write
  // loops, though this would involve significant changes, both here and
  // elsewhere (WebSockets, for instance).

  // If still reading the headers, or there was no error uploading the request
  // body, just return the result.
  if (io_state_ == STATE_READ_HEADERS || upload_error_ == OK)
    return result;

  // If the result is ERR_IO_PENDING, |io_state_| should be STATE_READ_HEADERS.
  DCHECK_NE(ERR_IO_PENDING, result);

  if (result >= 0) {
    // Skip over 1xx responses as usual, and allow 4xx/5xx error responses to
    // override the error received while uploading the body.
    const int response_code_class = response_->headers->response_code() / 100;
    if (response_code_class == 1 || response_code_class == 4 ||
        response_code_class == 5) {
      return result;
    }
  }

  // Reached in two cases.
  //
  // A read error: the original error received when sending the request is
  // reported instead. The two mainly differ for header-related error codes
  // and for ERR_CONNECTION_CLOSED, which can result in special handling of
  // partial responses and HTTP/0.9 responses. Those cases can normally go to
  // other states after an error reading headers, hence the explicit
  // STATE_DONE.
  //
  // Any other status code: not allowed after an error during upload, to make
  // sure the consumer has some indication that there was an error.
  io_state_ = STATE_DONE;
  // Don't let the caller see the headers.
  response_->headers = NULL;
  return upload_error_;
}
608 
// Produces the next piece of response body for the caller's buffer. Bytes
// left in |read_buf_| from reading the headers are handed out first; after
// that the socket is read directly into |user_read_buf_|. Returns the number
// of bytes copied, 0 if the body is already complete, or the result of the
// socket read.
int HttpStreamParser::DoReadBody() {
  io_state_ = STATE_READ_BODY_COMPLETE;

  // There may be some data left over from reading the response headers.
  if (read_buf_->offset()) {
    const int available = read_buf_->offset() - read_buf_unused_offset_;
    if (!available) {
      // Everything buffered was already handed out; release the buffer.
      read_buf_->SetCapacity(0);
      read_buf_unused_offset_ = 0;
    } else {
      CHECK_GT(available, 0);
      // Never copy more than the caller's buffer holds.
      const int bytes_from_buffer = std::min(available, user_read_buf_len_);
      memcpy(user_read_buf_->data(),
             read_buf_->StartOfBuffer() + read_buf_unused_offset_,
             bytes_from_buffer);
      read_buf_unused_offset_ += bytes_from_buffer;
      if (bytes_from_buffer == available) {
        read_buf_->SetCapacity(0);
        read_buf_unused_offset_ = 0;
      }
      return bytes_from_buffer;
    }
  }

  // Check to see if we're done reading.
  if (IsResponseBodyComplete())
    return 0;

  DCHECK_EQ(0, read_buf_->offset());
  return connection_->socket()
      ->Read(user_read_buf_.get(), user_read_buf_len_, io_callback_);
}
641 
// Handles the result of a body read: maps a premature close to an error, runs
// chunked data through the decoder, updates the byte counters and, when the
// body ends, saves any bytes read past its end back into |read_buf_|.
// Returns the number of body bytes delivered to the caller's buffer, 0 at the
// end of the body, or an error code.
int HttpStreamParser::DoReadBodyComplete(int result) {
  // When the connection is closed, there are numerous ways to interpret it.
  //
  //  - Content-Length present and the body holds exactly that many bytes at
  //    connection close: the response is successful.
  //
  //  - Content-Length present and the body holds fewer bytes than promised at
  //    connection close: the connection may have been closed prematurely, or
  //    the server may have sent an invalid Content-Length header.
  //    Unfortunately the invalid header case does occur in practice and other
  //    browsers are tolerant of it. It is treated as an error here for now,
  //    but the download system treats it as a non-error, and
  //    URLRequestHttpJob also treats it as OK if the Content-Length is the
  //    post-decoded body content length.
  //
  //  - Chunked encoding and the terminating chunk was processed before the
  //    close: the response is successful.
  //
  //  - Chunked encoding and the terminating chunk was not processed before
  //    the close: either a premature close or an invalid chunked encoding.
  //    It is treated as an invalid chunked encoding.
  //
  //  - Neither Content-Length nor chunked encoding: connection close is the
  //    only way to signal that the response is complete. This also means
  //    there is no way to detect an early close. No error is returned.
  if (result == 0 && !IsResponseBodyComplete() && CanFindEndOfResponse()) {
    result = chunked_decoder_.get() ? ERR_INCOMPLETE_CHUNKED_ENCODING
                                    : ERR_CONTENT_LENGTH_MISMATCH;
  }

  if (result > 0) {
    received_bytes_ += result;

    // Filter incoming data if appropriate.  FilterBuf may return an error.
    if (chunked_decoder_.get()) {
      result = chunked_decoder_->FilterBuf(user_read_buf_->data(), result);
      if (result == 0 && !chunked_decoder_->reached_eof()) {
        // Don't signal completion of the Read call yet or else it'll look
        // like we received end-of-file.  Wait for more data.
        io_state_ = STATE_READ_BODY;
        return OK;
      }
    }
  }

  if (result > 0)
    response_body_read_ += result;

  if (result > 0 && !IsResponseBodyComplete()) {
    // Now waiting for more of the body to be read.
    user_read_buf_ = NULL;
    user_read_buf_len_ = 0;
    return result;
  }

  io_state_ = STATE_DONE;

  // Save the overflow data, which can be in two places.  There may be some
  // left over in |user_read_buf_|, plus there may be more in |read_buf_|.
  // But the part left over in |user_read_buf_| must have come from the
  // |read_buf_|, so there's room to put it back at the start first.
  const int leftover_in_read_buf = read_buf_->offset() - read_buf_unused_offset_;
  int leftover_in_user_buf = 0;
  if (chunked_decoder_.get()) {
    leftover_in_user_buf = chunked_decoder_->bytes_after_eof();
  } else if (response_body_length_ >= 0) {
    const int64 extra_data_read = response_body_read_ - response_body_length_;
    if (extra_data_read > 0) {
      leftover_in_user_buf = static_cast<int>(extra_data_read);
      // The surplus is not part of this response's body.
      if (result > 0)
        result -= leftover_in_user_buf;
    }
  }

  // Hard limit on what is carried over; this is a CHECK, so it also holds in
  // builds without DCHECKs.
  const int total_to_save = leftover_in_user_buf + leftover_in_read_buf;
  CHECK_LE(total_to_save, kMaxBufSize);
  if (read_buf_->capacity() < total_to_save) {
    read_buf_->SetCapacity(total_to_save);
  }

  if (leftover_in_user_buf) {
    received_bytes_ -= leftover_in_user_buf;
    memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result,
           leftover_in_user_buf);
  }
  read_buf_->set_offset(leftover_in_user_buf);
  if (leftover_in_read_buf) {
    // Source and destination may overlap, hence memmove.
    memmove(read_buf_->data(),
            read_buf_->StartOfBuffer() + read_buf_unused_offset_,
            leftover_in_read_buf);
    read_buf_->set_offset(total_to_save);
  }
  read_buf_unused_offset_ = 0;

  return result;
}
742 
// Handles the outcome of a socket read issued while response headers are
// still being collected. |result| is the number of bytes the read appended
// to |read_buf_| (0 means the peer closed the connection) or a negative net
// error.
//
// Returns OK once headers are parsed and the response has a zero-length body,
// a negative net error on failure, and otherwise |result| (after a zero-byte
// read has been mapped to ERR_CONNECTION_CLOSED). |io_state_| is updated to
// reflect what has to happen next.
int HttpStreamParser::HandleReadHeaderResult(int result) {
  DCHECK_EQ(0, read_buf_unused_offset_);

  // A zero-byte read means the peer closed the connection.
  if (result == 0)
    result = ERR_CONNECTION_CLOSED;

  const bool connection_closed = (result == ERR_CONNECTION_CLOSED);

  // Every other error terminates header processing immediately.
  if (result < 0 && !connection_closed) {
    io_state_ = STATE_DONE;
    return result;
  }

  if (connection_closed) {
    // The connection closed before we detected the end of the headers.
    if (read_buf_->offset() == 0) {
      // Nothing was received at all. If we've used the connection before,
      // then we know it is not a HTTP/0.9 response and report
      // ERR_CONNECTION_CLOSED.
      if (connection_->is_reused()) {
        io_state_ = STATE_DONE;
        return result;
      }
      // Likely an error rather than an empty HTTP/0.9 response.
      io_state_ = STATE_DONE;
      return ERR_EMPTY_RESPONSE;
    }

    if (request_->url.SchemeIsSecure()) {
      // The connection was closed in the middle of the headers. For HTTPS a
      // header block that was cut short is never parsed as if it were
      // complete. The distinct error code also tells the caller not to retry
      // the request.
      io_state_ = STATE_DONE;
      return ERR_RESPONSE_HEADERS_TRUNCATED;
    }

    // Plain HTTP: parse things as well as we can and let the caller decide
    // what to do. Without a status line the data is handled as HTTP/0.9 and
    // the header block is empty (offset 0).
    int end_offset = 0;
    if (response_header_start_offset_ >= 0) {
      io_state_ = STATE_READ_BODY_COMPLETE;
      end_offset = read_buf_->offset();
    }
    const int parse_rv = DoParseResponseHeaders(end_offset);
    if (parse_rv < 0)
      return parse_rv;
    return result;
  }

  // From here on |result| is a positive byte count.

  // Record our best estimate of the 'response time' as the time when we read
  // the first bytes of the response headers.
  if (read_buf_->offset() == 0)
    response_->response_time = base::Time::Now();

  read_buf_->set_offset(read_buf_->offset() + result);
  DCHECK_LE(read_buf_->offset(), read_buf_->capacity());
  DCHECK_GE(result,  0);

  const int headers_end = ParseResponseHeaders();

  // Note: -1 is special, it indicates we haven't found the end of headers.
  // Anything less than -1 is a net::Error, so we bail out.
  if (headers_end < -1)
    return headers_end;

  if (headers_end == -1) {
    // Cap the header buffer: a server that never terminates its headers must
    // not be able to make the buffer grow indefinitely.
    if (read_buf_->offset() >= kMaxHeaderBufSize) {
      io_state_ = STATE_DONE;
      return ERR_RESPONSE_HEADERS_TOO_BIG;
    }
    io_state_ = STATE_READ_HEADERS;
    return result;
  }

  CalculateResponseBodySize();

  if (response_body_length_ != 0) {
    // Note where the headers stop. Now waiting for the body to be read.
    read_buf_unused_offset_ = headers_end;
    return result;
  }

  // If the body is zero length, the caller may not call ReadResponseBody,
  // which is where any extra data is copied to read_buf_, so we move the
  // data here.
  const int extra_bytes = read_buf_->offset() - headers_end;
  if (extra_bytes) {
    // The length is verified to be positive before it reaches memmove().
    CHECK_GT(extra_bytes, 0);
    memmove(read_buf_->StartOfBuffer(),
            read_buf_->StartOfBuffer() + headers_end,
            extra_bytes);
  }
  read_buf_->SetCapacity(extra_bytes);

  if (response_->headers->response_code() / 100 == 1) {
    // After processing a 1xx response, the caller will ask for the next
    // header, so reset state to support that. We don't completely ignore a
    // 1xx response because it cannot be returned in reply to a CONNECT
    // request so we return OK here, which lets the caller inspect the
    // response and reject it in the event that we're setting up a CONNECT
    // tunnel.
    response_header_start_offset_ = -1;
    response_body_length_ = -1;
    // Now waiting for the second set of headers to be read.
  } else {
    io_state_ = STATE_DONE;
  }
  return OK;
}
849 
// Tries to find and parse a complete header block in the bytes buffered so
// far in |read_buf_|.
//
// Returns the offset at which the headers end (0 for a response treated as
// HTTP/0.9), -1 if more data is needed, or a net error (< -1) if
// DoParseResponseHeaders() rejects the headers.
int HttpStreamParser::ParseResponseHeaders() {
  DCHECK_EQ(0, read_buf_unused_offset_);

  // Look for the start of the status line, if it hasn't been found yet.
  if (response_header_start_offset_ < 0) {
    response_header_start_offset_ = HttpUtil::LocateStartOfStatusLine(
        read_buf_->StartOfBuffer(), read_buf_->offset());
  }

  int headers_end;
  if (response_header_start_offset_ >= 0) {
    headers_end = HttpUtil::LocateEndOfHeaders(read_buf_->StartOfBuffer(),
                                               read_buf_->offset(),
                                               response_header_start_offset_);
  } else if (read_buf_->offset() >= 8) {
    // Enough data to decide that this is an HTTP/0.9 response.
    // 8 bytes = (4 bytes of junk) + "http".length()
    headers_end = 0;
  } else {
    // No status line yet and too little data to rule one out.
    headers_end = -1;
  }

  if (headers_end == -1)
    return -1;

  // A negative value here is a net error from header validation; it takes
  // precedence over the offset.
  const int parse_rv = DoParseResponseHeaders(headers_end);
  return parse_rv < 0 ? parse_rv : headers_end;
}
878 
// Builds the HttpResponseHeaders for the current response from the first
// |end_offset| bytes of |read_buf_| (or a synthetic "HTTP/0.9 200 OK" status
// line when no status line was found), validates them, and stores them in
// |response_|.
//
// Returns OK on success or one of the ERR_RESPONSE_HEADERS_MULTIPLE_* errors
// when a framing- or navigation-relevant header appears more than once with
// different values. On error |response_| is left untouched.
int HttpStreamParser::DoParseResponseHeaders(int end_offset) {
  DCHECK_EQ(0, read_buf_unused_offset_);

  scoped_refptr<HttpResponseHeaders> headers;
  if (response_header_start_offset_ < 0) {
    // Enough data was read -- there is no status line.
    headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK"));
  } else {
    received_bytes_ += end_offset;
    headers = new HttpResponseHeaders(HttpUtil::AssembleRawHeaders(
        read_buf_->StartOfBuffer(), end_offset));
  }

  // Check for multiple Content-Length headers with no Transfer-Encoding header.
  // If they exist, and have distinct values, it's a potential response
  // smuggling attack: parties that pick different values disagree about where
  // the body ends. With Transfer-Encoding present the check is skipped here;
  // CalculateResponseBodySize() lets chunked encoding take precedence over
  // Content-Length.
  const bool has_transfer_encoding = headers->HasHeader("Transfer-Encoding");
  if (!has_transfer_encoding &&
      HeadersContainMultipleCopiesOfField(*headers.get(), "Content-Length")) {
    return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH;
  }

  // Check for multiple Content-Disposition or Location headers.  If they exist,
  // it's also a potential response smuggling attack.
  if (HeadersContainMultipleCopiesOfField(*headers.get(),
                                          "Content-Disposition")) {
    return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION;
  }
  if (HeadersContainMultipleCopiesOfField(*headers.get(), "Location")) {
    return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION;
  }

  // Only validated headers are published on the response.
  response_->headers = headers;
  response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1;
  response_->vary_data.Init(*request_, *response_->headers.get());

  // NOTE(review): this writes every response header line to the verbose log,
  // which can include values such as Set-Cookie. DVLOG is expected to be
  // compiled out of release builds -- confirm for this build configuration.
  DVLOG(1) << __FUNCTION__ << "()"
           << " content_length = \"" << response_->headers->GetContentLength()
           << "\n\""
           << " headers = \""
           << GetResponseHeaderLines(*response_->headers.get()) << "\"";
  return OK;
}
918 
// Decides how the end of the response body will be detected and records the
// decision in |response_body_length_| and |chunked_decoder_|:
//   - 0 for responses that carry no body,
//   - a chunked decoder for chunk-encoded responses,
//   - otherwise the value reported by GetContentLength(); if that is -1 the
//     body runs until the server closes the connection.
void HttpStreamParser::CalculateResponseBodySize() {
  // Figure how to determine EOF:

  // For certain responses, we know the content length is always 0. From
  // RFC 2616 Section 4.3 Message Body:
  //
  // For response messages, whether or not a message-body is included with
  // a message is dependent on both the request method and the response
  // status code (section 6.1.1). All responses to the HEAD request method
  // MUST NOT include a message-body, even though the presence of entity-
  // header fields might lead one to believe they do. All 1xx
  // (informational), 204 (no content), and 304 (not modified) responses
  // MUST NOT include a message-body. All other responses do include a
  // message-body, although it MAY be of zero length.
  const int status = response_->headers->response_code();
  const bool status_has_no_body = status / 100 == 1 ||
                                  status == 204 ||  // No Content
                                  status == 205 ||  // Reset Content
                                  status == 304;    // Not Modified
  if (status_has_no_body || request_->method == "HEAD")
    response_body_length_ = 0;

  // A length that is already known needs no further work.
  if (response_body_length_ != -1)
    return;

  // "Transfer-Encoding: chunked" trumps "Content-Length: N". Using a single
  // precedence rule keeps the body boundary unambiguous when a response
  // carries both headers.
  if (response_->headers->IsChunkEncoded()) {
    chunked_decoder_.reset(new HttpChunkedDecoder());
    return;
  }

  // If response_body_length_ is still -1 after this, then we have to wait
  // for the server to close the connection.
  response_body_length_ = response_->headers->GetContentLength();
}
958 
// Returns the upload stream's current position and total size, or a
// default-constructed UploadProgress when the request has no upload body.
UploadProgress HttpStreamParser::GetUploadProgress() const {
  return request_->upload_data_stream
             ? UploadProgress(request_->upload_data_stream->position(),
                              request_->upload_data_stream->size())
             : UploadProgress();
}
966 
// Returns true once the whole response body has been read: the chunked
// decoder reached EOF, or at least |response_body_length_| bytes were read.
// When neither framing mechanism is available the body ends only at
// connection close, so this returns false.
bool HttpStreamParser::IsResponseBodyComplete() const {
  if (chunked_decoder_.get())
    return chunked_decoder_->reached_eof();

  // With an unknown length (-1) we must read to EOF.
  const bool length_known = response_body_length_ != -1;
  return length_known && response_body_read_ >= response_body_length_;
}
975 
// Returns true when the end of the response can be determined without
// waiting for the connection to close, i.e. the body is chunk-encoded or its
// length is known.
bool HttpStreamParser::CanFindEndOfResponse() const {
  if (chunked_decoder_.get())
    return true;
  return response_body_length_ >= 0;
}
979 
// Returns true when |read_buf_| holds bytes beyond |read_buf_unused_offset_|,
// i.e. data that was received but not consumed yet.
bool HttpStreamParser::IsMoreDataBuffered() const {
  return read_buf_unused_offset_ < read_buf_->offset();
}
983 
// Returns true if the socket handle reports the connection as reused, or if
// its reuse type is UNUSED_IDLE, which this method also counts as reused.
bool HttpStreamParser::IsConnectionReused() const {
  if (connection_->is_reused())
    return true;
  return connection_->reuse_type() == ClientSocketHandle::UNUSED_IDLE;
}
989 
// Marks the underlying socket handle as REUSED_IDLE.
void HttpStreamParser::SetConnectionReused() {
  connection_->set_reuse_type(ClientSocketHandle::REUSED_IDLE);
}
993 
// Returns true if the handle still owns a socket and that socket reports
// itself as connected and idle.
bool HttpStreamParser::IsConnectionReusable() const {
  if (!connection_->socket())
    return false;
  return connection_->socket()->IsConnectedAndIdle();
}
997 
// Fills |ssl_info| from the underlying socket when the request URL uses a
// secure scheme and a socket is present; otherwise |ssl_info| is left
// untouched.
void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) {
  if (!request_->url.SchemeIsSecure() || !connection_->socket())
    return;

  // NOTE(review): this downcast is unchecked. It relies on a secure-scheme
  // request always being carried by an SSLClientSocket -- confirm that holds
  // for every socket type the handle can own.
  static_cast<SSLClientSocket*>(connection_->socket())->GetSSLInfo(ssl_info);
}
1005 
// Fills |cert_request_info| from the underlying socket when the request URL
// uses a secure scheme and a socket is present; otherwise
// |cert_request_info| is left untouched.
void HttpStreamParser::GetSSLCertRequestInfo(
    SSLCertRequestInfo* cert_request_info) {
  if (!request_->url.SchemeIsSecure() || !connection_->socket())
    return;

  // NOTE(review): this downcast is unchecked. It relies on a secure-scheme
  // request always being carried by an SSLClientSocket -- confirm that holds
  // for every socket type the handle can own.
  static_cast<SSLClientSocket*>(connection_->socket())
      ->GetSSLCertRequestInfo(cert_request_info);
}
1014 
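// Writes |payload| into |output| framed as a single HTTP/1.1 chunk:
//   <payload size in upper-case hex>\r\n<payload bytes>\r\n
// An empty |payload| yields the chunk "0\r\n\r\n".
//
// |output_size| is the capacity of |output| in bytes. Returns the number of
// bytes written, or ERR_INVALID_ARGUMENT if the payload size cannot be
// represented as a non-negative int or the chunk does not fit in |output|.
int HttpStreamParser::EncodeChunk(const base::StringPiece& payload,
                                  char* output,
                                  size_t output_size) {
  // The size line is formatted from an int and the byte count is returned as
  // an int. A payload outside that range would get a size line that does not
  // match the bytes that follow, so reject it instead of truncating.
  const int payload_size = static_cast<int>(payload.size());
  if (payload_size < 0 ||
      static_cast<size_t>(payload_size) != payload.size()) {
    return ERR_INVALID_ARGUMENT;
  }

  // With the payload limited to the int range this sum is not expected to
  // wrap (assuming kChunkHeaderFooterSize is the small framing overhead its
  // name suggests; it is defined outside this block).
  if (output_size < payload.size() + kChunkHeaderFooterSize)
    return ERR_INVALID_ARGUMENT;

  char* cursor = output;
  // Add the header.
  const int num_chars = base::snprintf(output, output_size,
                                       "%X\r\n",
                                       payload_size);
  // Re-check the remaining space against what the header actually needed, so
  // the copies below stay inside |output| whatever value
  // kChunkHeaderFooterSize has.
  if (num_chars < 0 ||
      static_cast<size_t>(num_chars) + payload.size() + 2 > output_size) {
    return ERR_INVALID_ARGUMENT;
  }
  cursor += num_chars;
  // Add the payload if any.
  if (payload.size() > 0) {
    memcpy(cursor, payload.data(), payload.size());
    cursor += payload.size();
  }
  // Add the trailing CRLF.
  memcpy(cursor, "\r\n", 2);
  cursor += 2;

  return static_cast<int>(cursor - output);
}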
1038 
// static
// Returns true when |request_body| is a non-empty in-memory body and the
// headers plus body together are at most kMaxMergedHeaderAndBodySize bytes.
bool HttpStreamParser::ShouldMergeRequestHeadersAndBody(
    const std::string& request_headers,
    const UploadDataStream* request_body) {
  if (request_body == NULL)
    return false;

  // IsInMemory() ensures that the request body is not chunked.
  if (!request_body->IsInMemory())
    return false;

  if (!(request_body->size() > 0))
    return false;

  // NOTE(review): the sum is stored in a size_t; if size() returns a wider
  // type this narrows on 32-bit targets -- confirm against UploadDataStream.
  const size_t merged_size = request_headers.size() + request_body->size();
  return merged_size <= kMaxMergedHeaderAndBodySize;
}
1053 
1054 }  // namespace net