HTP  0.5
htp_private.h
Go to the documentation of this file.
1 /***************************************************************************
2  * Copyright (c) 2009-2010 Open Information Security Foundation
3  * Copyright (c) 2010-2013 Qualys, Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are
8  * met:
9  *
10  * - Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12 
13  * - Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16 
17  * - Neither the name of the Qualys, Inc. nor the names of its
18  * contributors may be used to endorse or promote products derived from
19  * this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  ***************************************************************************/
33 
39 #ifndef _HTP_PRIVATE_H
40 #define _HTP_PRIVATE_H
41 
42 #ifdef __cplusplus
43 extern "C" {
44 #endif
45 
46 #if defined(__cplusplus) && !defined(__STDC_FORMAT_MACROS)
47 /* C99 requires that inttypes.h only exposes PRI* macros
48  * for C++ implementations if this is defined: */
49 #define __STDC_FORMAT_MACROS
50 #endif
51 
52 #include <ctype.h>
53 #include <errno.h>
54 #include <iconv.h>
55 #include <inttypes.h>
56 #include <stdarg.h>
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <unistd.h>
60 #include <sys/types.h>
61 #include <sys/stat.h>
62 
63 #include "htp.h"
64 #include "htp_config_private.h"
66 #include "htp_connection_private.h"
67 #include "htp_list_private.h"
68 #include "htp_multipart_private.h"
69 #include "htp_table_private.h"
70 
71 #ifndef CR
72 #define CR '\r'
73 #endif
74 
75 #ifndef LF
76 #define LF '\n'
77 #endif
78 
79 #define HTP_FIELD_LIMIT_HARD 18000
80 #define HTP_FIELD_LIMIT_SOFT 9000
81 
82 #define HTP_VALID_STATUS_MIN 100
83 #define HTP_VALID_STATUS_MAX 999
84 
85 // Parser states, in the order in which they are
86 // used as a single transaction is processed.
87 
103 
114 
115 // Parsing functions
116 
119 htp_status_t htp_parse_request_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
120 htp_status_t htp_process_request_header_generic(htp_connp_t *, unsigned char *data, size_t len);
121 
123 htp_status_t htp_process_request_header_apache_2_2(htp_connp_t *, unsigned char *data, size_t len);
124 
126 htp_status_t htp_parse_response_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
127 htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned char *data, size_t len);
128 
129 
130 // Private transaction functions
131 
133 
134 
135 // Utility functions
136 
138 int htp_is_lws(int c);
139 int htp_is_separator(int c);
140 int htp_is_text(int c);
141 int htp_is_token(int c);
142 int htp_chomp(unsigned char *data, size_t *len);
143 int htp_is_space(int c);
144 
145 int htp_parse_protocol(bstr *protocol);
146 
147 int htp_is_line_empty(unsigned char *data, size_t len);
148 int htp_is_line_whitespace(unsigned char *data, size_t len);
149 
150 int htp_connp_is_line_folded(unsigned char *data, size_t len);
151 int htp_is_folding_char(int c);
152 int htp_connp_is_line_terminator(htp_connp_t *connp, unsigned char *data, size_t len);
153 int htp_connp_is_line_ignorable(htp_connp_t *connp, unsigned char *data, size_t len);
154 
155 int htp_parse_uri(bstr *input, htp_uri_t **uri);
156 htp_status_t htp_parse_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, int *invalid);
157 htp_status_t htp_parse_header_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, uint64_t *flags);
158 int htp_validate_hostname(bstr *hostname);
159 int htp_parse_uri_hostport(htp_connp_t *connp, bstr *input, htp_uri_t *uri);
160 int htp_normalize_parsed_uri(htp_tx_t *tx, htp_uri_t *parsed_uri_incomplete, htp_uri_t *parsed_uri);
162 void htp_replace_hostname(htp_connp_t *connp, htp_uri_t *parsed_uri, bstr *hostname);
163 int htp_is_uri_unreserved(unsigned char c);
164 
165 int htp_decode_path_inplace(htp_tx_t *tx, bstr *path);
166 
167  int htp_prenormalize_uri_path_inplace(bstr *s, int *flags, int case_insensitive, int backslash, int decode_separators, int remove_consecutive);
169 
170 void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path);
171 void htp_utf8_validate_path(htp_tx_t *tx, bstr *path);
172 
173 int64_t htp_parse_content_length(bstr *b);
174 int64_t htp_parse_chunked_length(unsigned char *data, size_t len);
175 int64_t htp_parse_positive_integer_whitespace(unsigned char *data, size_t len, int base);
176 int htp_parse_status(bstr *status);
178 int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header);
179 
180 void htp_print_log(FILE *stream, htp_log_t *log);
181 
182 void fprint_bstr(FILE *stream, const char *name, bstr *b);
183 void fprint_raw_data(FILE *stream, const char *name, const void *data, size_t len);
184 void fprint_raw_data_ex(FILE *stream, const char *name, const void *data, size_t offset, size_t len);
185 
190 
192 
193 int htp_treat_response_line_as_body(const uint8_t *data, size_t len);
194 
197 
203 
205 
206 int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_old);
207 int htp_transcode_bstr(iconv_t cd, bstr *input, bstr **output);
208 
209 int htp_parse_single_cookie_v0(htp_connp_t *connp, unsigned char *data, size_t len);
212 
213 htp_status_t htp_extract_quoted_string_as_bstr(unsigned char *data, size_t len, bstr **out, size_t *endoffset);
214 
215 htp_header_t *htp_connp_header_parse(htp_connp_t *, unsigned char *, size_t);
216 
218 
221 
223 
225 
227 
228 void htp_connp_tx_remove(htp_connp_t *connp, htp_tx_t *tx);
229 
231 
232 htp_status_t htp_tx_req_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
233 htp_status_t htp_tx_res_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
234 
237 
239 
240 #ifndef HAVE_STRLCAT
241 size_t strlcat(char *dst, const char *src, size_t size);
242 #endif
243 
244 #ifndef HAVE_STRLCPY
245 size_t strlcpy(char *dst, const char *src, size_t size);
246 #endif
247 
248 #ifdef __cplusplus
249 }
250 #endif
251 
252 #endif /* _HTP_PRIVATE_H */
253 
Definition: htp_config_private.h:123
htp_status_t htp_connp_RES_HEADERS(htp_connp_t *connp)
Definition: htp_response.c:729
int htp_parse_single_cookie_v0(htp_connp_t *connp, unsigned char *data, size_t len)
Definition: htp_cookies.c:51
int htp_connp_is_line_terminator(htp_connp_t *connp, unsigned char *data, size_t len)
Definition: htp_util.c:440
htp_status_t htp_ch_multipart_callback_request_body_data(htp_tx_data_t *d)
Definition: htp_content_handlers.c:193
htp_status_t htp_connp_RES_FINALIZE(htp_connp_t *connp)
Definition: htp_response.c:974
Definition: htp.h:171
htp_status_t htp_parse_request_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len)
Definition: htp_request_generic.c:111
htp_status_t htp_connp_RES_BODY_DETERMINE(htp_connp_t *connp)
Definition: htp_response.c:521
int htp_is_folding_char(int c)
Definition: htp_util.c:427
htp_header_t * htp_connp_header_parse(htp_connp_t *, unsigned char *, size_t)
int htp_transcode_bstr(iconv_t cd, bstr *input, bstr **output)
Definition: htp_transcoder.c:143
int htp_is_uri_unreserved(unsigned char c)
int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t *auth_header)
Definition: htp_parsers.c:97
int htp_chomp(unsigned char *data, size_t *len)
Definition: htp_util.c:125
int64_t htp_parse_positive_integer_whitespace(unsigned char *data, size_t len, int base)
Definition: htp_util.c:307
bstr * htp_unparse_uri_noencode(htp_uri_t *uri)
Definition: htp_util.c:2238
int64_t htp_parse_chunked_length(unsigned char *data, size_t len)
Definition: htp_util.c:266
htp_status_t htp_connp_REQ_FINALIZE(htp_connp_t *connp)
Definition: htp_request.c:794
int htp_connp_is_line_ignorable(htp_connp_t *connp, unsigned char *data, size_t len)
Definition: htp_util.c:469
void htp_connp_tx_remove(htp_connp_t *connp, htp_tx_t *tx)
Definition: htp_connection_parser.c:210
htp_status_t htp_tx_state_response_complete_ex(htp_tx_t *tx, int hybrid_mode)
Definition: htp_transaction.c:1041
htp_status_t htp_parse_request_line_apache_2_2(htp_connp_t *connp)
Definition: htp_request_apache_2_2.c:62
htp_status_t htp_extract_quoted_string_as_bstr(unsigned char *data, size_t len, bstr **out, size_t *endoffset)
Definition: htp_util.c:2444
Definition: htp.h:569
htp_status_t htp_req_run_hook_body_data(htp_connp_t *connp, htp_tx_data_t *d)
Definition: htp_util.c:2383
int htp_is_line_empty(unsigned char *data, size_t len)
Definition: htp_util.c:219
htp_status_t htp_connp_REQ_HEADERS(htp_connp_t *connp)
Definition: htp_request.c:616
void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path)
Definition: htp_util.c:912
htp_status_t htp_parse_request_line_generic(htp_connp_t *connp)
Definition: htp_request_generic.c:247
int htp_tx_is_complete(htp_tx_t *tx)
Definition: htp_transaction.c:1371
htp_status_t htp_connp_REQ_CONNECT_WAIT_RESPONSE(htp_connp_t *connp)
Definition: htp_request.c:384
char * htp_connp_out_state_as_string(htp_connp_t *connp)
Definition: htp_util.c:2173
int htp_parse_status(bstr *status)
Definition: htp_parsers.c:87
int htp_normalize_parsed_uri(htp_tx_t *tx, htp_uri_t *parsed_uri_incomplete, htp_uri_t *parsed_uri)
Definition: htp_util.c:1719
htp_status_t htp_connp_REQ_LINE_complete(htp_connp_t *connp)
Definition: htp_request.c:731
int htp_is_token(int c)
Definition: htp_util.c:110
htp_status_t htp_ch_urlencoded_callback_request_body_data(htp_tx_data_t *d)
Definition: htp_content_handlers.c:50
htp_status_t htp_connp_REQ_CONNECT_PROBE_DATA(htp_connp_t *connp)
Definition: htp_request.c:317
int htp_is_lws(int c)
Definition: htp_util.c:49
void htp_print_log(FILE *stream, htp_log_t *log)
htp_status_t htp_connp_RES_BODY_IDENTITY_STREAM_CLOSE(htp_connp_t *connp)
Definition: htp_response.c:489
void htp_connp_destroy_decompressors(htp_connp_t *connp)
Definition: htp_transaction.c:759
htp_status_t htp_connp_REQ_LINE(htp_connp_t *connp)
Definition: htp_request.c:780
htp_status_t htp_connp_REQ_BODY_IDENTITY(htp_connp_t *connp)
Definition: htp_request.c:534
int htp_treat_response_line_as_body(const uint8_t *data, size_t len)
Definition: htp_util.c:2360
htp_status_t htp_connp_REQ_IDLE(htp_connp_t *connp)
Definition: htp_request.c:821
void htp_replace_hostname(htp_connp_t *connp, htp_uri_t *parsed_uri, bstr *hostname)
htp_status_t htp_connp_REQ_BODY_CHUNKED_LENGTH(htp_connp_t *connp)
Definition: htp_request.c:482
int htp_is_separator(int c)
Definition: htp_util.c:60
size_t strlcpy(char *dst, const char *src, size_t size)
Definition: strlcpy.c:48
Definition: bstr.h:57
htp_status_t htp_ch_urlencoded_callback_request_headers(htp_tx_t *tx)
Definition: htp_content_handlers.c:103
int htp_status_t
Definition: htp_core.h:46
htp_status_t htp_tx_finalize(htp_tx_t *tx)
Definition: htp_transaction.c:1024
void htp_utf8_validate_path(htp_tx_t *tx, bstr *path)
Definition: htp_util.c:1022
htp_status_t htp_parse_response_line_generic(htp_connp_t *connp)
Definition: htp_response_generic.c:49
htp_status_t htp_parse_response_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len)
Definition: htp_response_generic.c:124
htp_status_t htp_process_request_header_apache_2_2(htp_connp_t *, unsigned char *data, size_t len)
Definition: htp_request_apache_2_2.c:52
Definition: htp.h:185
htp_status_t htp_connp_RES_IDLE(htp_connp_t *connp)
Definition: htp_response.c:985
htp_status_t htp_connp_res_receiver_finalize_clear(htp_connp_t *connp)
Definition: htp_response.c:117
void htp_tx_destroy_incomplete(htp_tx_t *tx)
Definition: htp_transaction.c:118
size_t strlcat(char *dst, const char *src, size_t size)
Definition: strlcat.c:50
htp_status_t htp_res_run_hook_body_data(htp_connp_t *connp, htp_tx_data_t *d)
Definition: htp_util.c:2420
int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_old)
Definition: htp_transcoder.c:50
int htp_parse_protocol(bstr *protocol)
Definition: htp_parsers.c:51
htp_status_t htp_parse_header_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, uint64_t *flags)
Definition: htp_util.c:638
htp_status_t htp_php_parameter_processor(htp_param_t *p)
Definition: htp_php.c:52
int htp_convert_method_to_number(bstr *)
Definition: htp_util.c:174
int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header)
Definition: htp_parsers.c:120
char * htp_connp_in_state_as_string(htp_connp_t *connp)
Definition: htp_util.c:2150
int htp_is_space(int c)
Definition: htp_util.c:154
int htp_prenormalize_uri_path_inplace(bstr *s, int *flags, int case_insensitive, int backslash, int decode_separators, int remove_consecutive)
htp_status_t htp_connp_REQ_BODY_CHUNKED_DATA_END(htp_connp_t *connp)
Definition: htp_request.c:413
int htp_decode_path_inplace(htp_tx_t *tx, bstr *path)
Definition: htp_util.c:1215
void htp_normalize_uri_path_inplace(bstr *s)
Definition: htp_util.c:1965
htp_status_t htp_parse_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, int *invalid)
Definition: htp_util.c:510
htp_status_t htp_connp_RES_BODY_CHUNKED_LENGTH(htp_connp_t *connp)
Definition: htp_response.c:384
htp_status_t htp_parse_ct_header(bstr *header, bstr **ct)
Definition: htp_util.c:2510
Definition: htp_connection_parser_private.h:51
void fprint_raw_data(FILE *stream, const char *name, const void *data, size_t len)
Definition: htp_util.c:2076
htp_status_t htp_connp_REQ_PROTOCOL(htp_connp_t *connp)
Definition: htp_request.c:710
int htp_validate_hostname(bstr *hostname)
Definition: htp_util.c:2539
int htp_parse_uri(bstr *input, htp_uri_t **uri)
Definition: htp_util.c:664
htp_status_t htp_connp_REQ_BODY_CHUNKED_DATA(htp_connp_t *connp)
Definition: htp_request.c:437
htp_status_t htp_connp_req_receiver_finalize_clear(htp_connp_t *connp)
Definition: htp_request.c:131
htp_status_t htp_tx_state_request_complete_partial(htp_tx_t *tx)
Definition: htp_transaction.c:859
int htp_connp_is_line_folded(unsigned char *data, size_t len)
Definition: htp_util.c:422
htp_status_t htp_connp_REQ_BODY_DETERMINE(htp_connp_t *connp)
Definition: htp_request.c:573
int htp_parse_authorization(htp_connp_t *connp)
Definition: htp_parsers.c:163
htp_status_t htp_ch_urlencoded_callback_request_line(htp_tx_t *tx)
Definition: htp_content_handlers.c:136
htp_status_t htp_parse_cookies_v0(htp_connp_t *connp)
Definition: htp_cookies.c:88
htp_status_t htp_connp_RES_LINE(htp_connp_t *connp)
Definition: htp_response.c:853
htp_status_t htp_connp_REQ_CONNECT_CHECK(htp_connp_t *connp)
Definition: htp_request.c:291
int htp_is_line_whitespace(unsigned char *data, size_t len)
Definition: htp_util.c:234
void fprint_raw_data_ex(FILE *stream, const char *name, const void *data, size_t offset, size_t len)
Definition: htp_util.c:2083
Definition: htp_table_private.h:63
int64_t htp_parse_content_length(bstr *b)
Definition: htp_util.c:253
htp_status_t htp_tx_req_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len)
Definition: htp_transaction.c:571
htp_status_t htp_connp_RES_BODY_CHUNKED_DATA_END(htp_connp_t *connp)
Definition: htp_response.c:289
htp_status_t htp_connp_REQ_IGNORE_DATA_AFTER_HTTP_0_9(htp_connp_t *connp)
Definition: htp_request.c:798
htp_status_t htp_process_request_header_generic(htp_connp_t *, unsigned char *data, size_t len)
Definition: htp_request_generic.c:52
void fprint_bstr(FILE *stream, const char *name, bstr *b)
Definition: htp_util.c:2064
Definition: htp.h:545
int htp_parse_uri_hostport(htp_connp_t *connp, bstr *input, htp_uri_t *uri)
Definition: htp_util.c:609
int htp_is_text(int c)
Definition: htp_util.c:98
htp_status_t htp_tx_urldecode_uri_inplace(htp_tx_t *tx, bstr *input)
Definition: htp_util.c:1479
htp_status_t htp_tx_urldecode_params_inplace(htp_tx_t *tx, bstr *input)
Definition: htp_util.c:1499
htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned char *data, size_t len)
Definition: htp_response_generic.c:239
htp_status_t htp_connp_RES_BODY_IDENTITY_CL_KNOWN(htp_connp_t *connp)
Definition: htp_response.c:451
bstr * htp_normalize_hostname_inplace(bstr *input)
Definition: htp_util.c:1818
char * htp_tx_request_progress_as_string(htp_tx_t *tx)
Definition: htp_util.c:2193
Definition: htp.h:208
char * htp_tx_response_progress_as_string(htp_tx_t *tx)
Definition: htp_util.c:2217
htp_status_t htp_parse_request_line_generic_ex(htp_connp_t *connp, int nul_terminates)
Definition: htp_request_generic.c:251
htp_status_t htp_connp_RES_BODY_CHUNKED_DATA(htp_connp_t *connp)
Definition: htp_response.c:314
htp_status_t htp_tx_res_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len)
Definition: htp_transaction.c:802
htp_status_t htp_ch_multipart_callback_request_headers(htp_tx_t *tx)
Definition: htp_content_handlers.c:244
Definition: htp.h:145