279 Commits

Author SHA1 Message Date
Nick Mathewson
95060b54fe Make URI parser able to tolerate nonconformant URIs.
If the EVHTTP_URI_NONCONFORMANT flag is passed in (which it is when
parsing URIs we get over the wire), then we relax our checks a lot.
Specifically, we do nothing to check for correct characters in the
path, query, and fragment parts of such a URI.

We could do much more here: we could relax our hostname requirements,
deal with spaces differently/better, trap some errors but not others,
etc.  But this should solve the worst user-agent compatibility issues
for now; the other issues can wait for a later release.
2011-02-13 00:41:22 -05:00
Jardel Weyrich
3f8d22a123 Use event_err() only if the failure is truly unrecoverable. 2011-01-07 13:03:32 -05:00
Jardel Weyrich
666b096691 Detect and handle more allocation failures. 2011-01-07 13:03:31 -05:00
Nick Mathewson
bb0d2b4e85 Consistentize tabs 2010-12-09 11:47:54 -05:00
Nick Mathewson
22f4af6580 Remove end-of-line whitespace 2010-12-09 11:43:12 -05:00
Nick Mathewson
7011f9ec1f Fix a signed/unsigned comparison in the last commit 2010-12-07 11:45:14 -05:00
Constantine Verutin
d23839fc6e Reject overlong http requests early when Expect:100-continue is set 2010-12-07 11:43:52 -05:00
Nick Mathewson
04861d5e62 Correctly detect timeouts during http connects 2010-11-30 00:05:54 -05:00
Nick Mathewson
0faaa39592 Try to fix an assertion failure related to close detection
f700566c removed a line from evhttp_connection_stop_detectclose that
cleared the EVHTTP_CON_CLOSEDETECT flag.  I think this was an
accident, and suspect that it may be the cause of bug 3069555.
2010-11-29 22:44:18 -05:00
Christopher Davis
fa9305f8f5 Preliminary support for Continue expectation in evhttp. 2010-11-29 18:25:04 -08:00
Nick Mathewson
a12839b083 Merge remote branch 'chrisd/http_fixes2' 2010-11-29 14:25:33 -05:00
Christopher Davis
aab8c38b76 Add evhttp server alias interface, correct flagging of proxy requests.
evhttp needs to be mindful of all hostnames and addresses that clients
use to contact the main server and vhosts to know the difference between
proxy requests and non-proxy requests.
2010-11-26 03:58:28 -08:00
Nick Mathewson
ec5c5aec6d Handle evhttp PUT/POST requests with an empty body
When we call evhttp_get_bodylen() [when transfer-encoding isn't set],
having req->ntoread == -1 means that we have no content-length.  But a
request with no content-length has no body!  We were treating the
absent content-length as meaning "read till closed", which only holds
for replies, not requests.

This patch also allows PATCH requests to have a body.
2010-11-23 20:31:28 -05:00
Nick Mathewson
8faf223ac5 Fix a memory leak in evhttp_uri_free. 2010-11-17 00:09:10 -05:00
Nick Mathewson
5c8a59e886 Merge remote branches 'github/20_evdns_cancel_segfault_v2', 'github/20_http_close_detect', 'github/20_http_versions', 'github/20_more_http_methods', 'github/20_shutdown_iocp_listener' and 'github/20_win64_fixes' 2010-11-09 10:19:05 -05:00
Nick Mathewson
a38140be18 Refactor http version parsing into a single function
Based on a suggestion by Chris Davis to make
evhttp_parse_response_line tolerate odd versions too.
2010-11-09 10:14:32 -05:00
Nick Mathewson
05124879d3 Never call evhttp_readcb while writing. 2010-11-04 14:05:08 -04:00
Felix Nawothnig
c76640b5c2 Don't disable reading from the HTTP connection after sending the request to be notified of connection-close in time 2010-11-04 14:01:26 -04:00
Nick Mathewson
536311a46b evhttp: Return 501 when we get an unrecognized method, not 400. 2010-11-04 12:39:41 -04:00
Nick Mathewson
f5b391e22e Tweak interface for allowed methods 2010-11-04 11:53:36 -04:00
Felix Nawothnig
75a73414a4 Define enumerators for all HTTP methods, including PATCH from RFC5789
This patch defines enumerators for all HTTP methods that exist
(including PATCH introduced in RFC 5789).

It also makes them bit-masky (that's not a word, is it?), breaking
binary- but not source-code compatibility.

evhttp now stores a bitmask specifying for which methods requests to
dispatch and which ones to reject with "405 Method Not Allowed".

By default that's the ones we currently have (GET, POST, HEAD, PUT,
DELETE), thereby keeping functional compatibility (besides the minor
change that one of the other methods will now cause 405 instead of
400. But I believe that could even be considered a bug-fix).

evhttp is extended by evhttp_set_allowed_methods() with which the
user can change that bitmask.

no regressions here and my test-app still works. Haven't yet
actually tested any of the new methods.

What's obviously missing here is the special logic for the methods:

OPTIONS: We should be fine here - I believe our current dispatch
logic should work fine. Some convenience functions would be fine
though.

TRACE: I'm pretty certain we should never dispatch this to the
callbacks and simply implement the necessary functionality built-in.

CONNECT: Pretty straight-forward to implement (and considering the
framework in which we implement it very efficient too). Should
probably go built-in.

PATCH: Except for checking the RFC against our pre-dispatch logic
(there just might be some "MUST not have Some-Header" lurking
somewhere) there is nothing to be done here, this is completely up
to the user. Nothing to do.
2010-11-04 11:53:36 -04:00
Nick Mathewson
78762383b7 Merge branch 'http_nolegacy_v2' 2010-11-03 15:18:34 -04:00
Nick Mathewson
22e0a9b2e8 Add evhttp_response_code to remove one more reason to include http_struct.h 2010-11-03 15:12:08 -04:00
Nick Mathewson
647e094ca2 Replace exact-version checks for HTTP/1.1 with >= or < checks 2010-11-02 15:19:12 -04:00
Joachim Bauch
aa5f55face reset "chunked" flag when sending non-chunked reply 2010-11-02 13:50:57 -04:00
Nick Mathewson
74a91e5aaf fix signed/unsigned warnings in http.c 2010-11-01 14:16:39 -04:00
Nick Mathewson
545a61145c Fix even more win64 warnings: buffer, event_tagging, http, evdns, evrpc 2010-11-01 14:13:33 -04:00
Nick Mathewson
84a7053e41 Merge remote branch 'github/20_http_read_after_write' 2010-10-26 21:33:22 -04:00
Nick Mathewson
a4063c06f9 Note that 2.0.9 will break the ABI, and make changes we were postponing.
We had to turn a couple of 32-bit size arguments into 64-bit arguments
or size_t arguments (since otherwise we would have had to do it post
2.0.x-stable, and that would be worse).
2010-10-26 10:38:30 -04:00
Nick Mathewson
74c0e86298 Avoid missed-request bug when entire http request arrives before data is flushed
The trigger for starting to read the first line of a request used to
be, "When data has arrived and we're looking for the first line."
But that's not good enough: if the entire next request gets read
into our bufev->inbuf while we're still processing the current
request, we'll never see any more data arrive, and so will never
process it.

So the fix is to make sure that whenever we hit evhttp_send_done, we
call evhttp_read_cb.  We can't call it directly, though, since
evhttp_send_done is reachable from the user API, and evhttp_read_cb
can invoke user functions, and we don't want to force everyone to
have reentrant callbacks.  So, we use a deferred_cb.

Found by Ivan Andropov.  This is bug 3008344.
2010-10-25 21:53:15 -04:00
Nick Mathewson
8e342e5630 Correctly count req->body_size on http usage without Content-Length
There was a dumb bug where we would look at the length of the input
buffer immediately _after_ we drained it.
2010-10-25 16:09:11 -04:00
Nick Mathewson
58a1cc6bc8 Fix a bug where we would read too much data in HTTP bodies or requests.
We were using evbuffer_add_buffer, which moved the entire buffer
contents.  But if we had a valid content_length, we only wanted to
move up to the amount of data remaining in ntoread.  Our bug would
make us put our ntoread in the negative, which would in turn make us
read all data until the connection closed.

Found by Denis Bilenko.  Should fix bug 2963172.
2010-10-25 16:00:47 -04:00
Nick Mathewson
525da3e1eb Fix Content-Length when trying send more than 100GB of data (!) on an evhttp. 2010-10-25 15:50:54 -04:00
Nick Mathewson
006efa7dbb Functions to actually use evhttp_bound_socket with/as evconnlistener. 2010-10-25 11:50:51 -04:00
Nick Mathewson
bf11e7ddf7 Merge branch 'http_uri_parse' 2010-10-21 15:33:13 -04:00
Nick Mathewson
45f6869c75 Make evhttp_uri non-public, and give it accessor functions. 2010-10-21 14:52:52 -04:00
Nick Mathewson
2a3b5872fe Merge branch 'http_small_tweaks'
Conflicts:
	http-internal.h
2010-10-21 12:23:10 -04:00
Nick Mathewson
cd00079b22 Add evhttp_connection_get_base() to get the event_base from an http connection
Based on a patch by Mark Ellzey from 27 July 2010.

Closes ticket 3052406
2010-10-21 12:19:28 -04:00
Nick Mathewson
2075fbcff0 Add evhttp_parse_query_str to be used with evhttp_uri_parse.
The old evhttp_parse_query() doesn't work well with struct
evhttp_uri.query, since it expects to get whole URIs, rather than
just the query portion.
2010-10-19 13:15:48 -04:00
Nick Mathewson
a5a76e689c Add a huge pile of tests for the new URI functions, and make them pass. 2010-10-19 12:35:50 -04:00
Nick Mathewson
eaa5f1d9ed Revise evhttp_uri_parse implementation to handle more of RFC3986 2010-10-19 11:26:59 -04:00
Nick Mathewson
fadbfd4e6e Clean up error handling in uri_parse a little 2010-10-18 14:43:54 -04:00
Nick Mathewson
7d45431e15 Do not silently truncate URIs in evhttp_uri_join. Also avoid evbuffer_pullup. 2010-10-18 14:38:48 -04:00
Nick Mathewson
86212341c5 Make evhttp_uri_parse and friends conform to memory management standards 2010-10-18 14:34:20 -04:00
Pavel Plesov
86dd720a66 Introduce absolute URI parsing helpers.
See evhttp_uri_parse(), evhttp_uri_free() and evhttp_uri_join() for details.
2010-10-18 14:30:29 -04:00
Nick Mathewson
49f4bf7c57 Add evhttp_request_get_command so code can tell GET from POST without peeking at the struct. 2010-10-18 13:58:02 -04:00
Nick Mathewson
a8148cedcd New evhttp_uri(encode|decode) functions to handle + and NUL characters right
The old evhttp_decode_uri() function would act as tough it was doing
an (illegal, undefined) decode operation on a whole URL at once, and
treat + characters following a ? as different from + characters
preceding one.  But that's not useful: If you are decoding a URI
before splitting off query parameters, you are begging to fail as soon
as somebody gives you a value with an encoded & in it.

The new evhttp_uridecode() function takes an argument that says
whether to decode + signs.  Both uridecode and uriencode also now
support encoding or decoding to strings with internal 0-valued
characters.
2010-10-08 23:58:00 -04:00
Nick Mathewson
2e63a604da evhttp_encode_uri encodes all reserved characters, including !$'()*+,/:=@
Perviously, some characters not listed as "unreserved" by RFC 3986
(notably "!$'()*+,/:=@") were not encoded by evhttp_encode_uri.  This
made trouble, especially when encoding path components (where @ and /
are bad news) and parameters (where + should get encoded so it doesn't
later decode into a space).

Spotted by Bas Verhoeven.
2010-10-08 12:57:11 -04:00
Nick Mathewson
3b84489385 Tweak evhttp_parse_query hack to avoid breaking abi 2010-10-06 12:35:38 -04:00
Nick Mathewson
b1756d019d Let evhttp_parse_query return -1 on failure
We already detected certain malformed queries, but we responded by
aborting the query-parsing process half-way through without telling
the user.  Now, if query-parsing fails, no headers are returned, and
evhttp_parse_query returns -1.
2010-10-06 12:30:17 -04:00