1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 /*
18 * mod_request.c --- HTTP routines to set aside or process request bodies.
19 */
20
21 #include "apr.h"
22 #include "apr_strings.h"
23 #include "apr_buckets.h"
24 #include "apr_lib.h"
25
26 #include "ap_config.h"
27 #include "httpd.h"
28 #include "http_config.h"
29 #include "http_protocol.h"
30 #include "http_log.h" /* For errors detected in basic auth common
31 * support code... */
32 #include "http_request.h"
33
34 #include "mod_request.h"
35
36 /* Handles for core filters */
37 static ap_filter_rec_t *keep_body_input_filter_handle;
38 static ap_filter_rec_t *kept_body_input_filter_handle;
39
bail_out_on_error(apr_bucket_brigade * bb,ap_filter_t * f,int http_error)40 static apr_status_t bail_out_on_error(apr_bucket_brigade *bb,
41 ap_filter_t *f,
42 int http_error)
43 {
44 apr_bucket *e;
45
46 apr_brigade_cleanup(bb);
47 e = ap_bucket_error_create(http_error,
48 NULL, f->r->pool,
49 f->c->bucket_alloc);
50 APR_BRIGADE_INSERT_TAIL(bb, e);
51 e = apr_bucket_eos_create(f->c->bucket_alloc);
52 APR_BRIGADE_INSERT_TAIL(bb, e);
53 return ap_pass_brigade(f->r->output_filters, bb);
54 }
55
56 typedef struct keep_body_filter_ctx {
57 apr_off_t remaining;
58 apr_off_t keep_body;
59 } keep_body_ctx_t;
60
61 /**
62 * This is the KEEP_BODY_INPUT filter for HTTP requests, for times when the
63 * body should be set aside for future use by other modules.
64 */
keep_body_filter(ap_filter_t * f,apr_bucket_brigade * b,ap_input_mode_t mode,apr_read_type_e block,apr_off_t readbytes)65 static apr_status_t keep_body_filter(ap_filter_t *f, apr_bucket_brigade *b,
66 ap_input_mode_t mode,
67 apr_read_type_e block,
68 apr_off_t readbytes)
69 {
70 apr_bucket *e;
71 keep_body_ctx_t *ctx = f->ctx;
72 apr_status_t rv;
73 apr_bucket *bucket;
74 apr_off_t len = 0;
75
76 if (!ctx) {
77 const char *lenp;
78 request_dir_conf *dconf = ap_get_module_config(f->r->per_dir_config,
79 &request_module);
80
81 /* must we step out of the way? */
82 if (!dconf->keep_body || f->r->kept_body) {
83 ap_remove_input_filter(f);
84 return ap_get_brigade(f->next, b, mode, block, readbytes);
85 }
86
87 f->ctx = ctx = apr_pcalloc(f->r->pool, sizeof(*ctx));
88
89 /* fail fast if the content length exceeds keep body */
90 lenp = apr_table_get(f->r->headers_in, "Content-Length");
91 if (lenp) {
92
93 /* Protects against over/underflow, non-digit chars in the
94 * string, leading plus/minus signs, trailing characters and
95 * a negative number.
96 */
97 if (!ap_parse_strict_length(&ctx->remaining, lenp)) {
98 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, APLOGNO(01411)
99 "Invalid Content-Length '%s'", lenp);
100
101 ap_remove_input_filter(f);
102 return bail_out_on_error(b, f, HTTP_REQUEST_ENTITY_TOO_LARGE);
103 }
104
105 /* If we have a limit in effect and we know the C-L ahead of
106 * time, stop it here if it is invalid.
107 */
108 if (dconf->keep_body < ctx->remaining) {
109 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, APLOGNO(01412)
110 "Requested content-length of %" APR_OFF_T_FMT
111 " is larger than the configured limit"
112 " of %" APR_OFF_T_FMT, ctx->remaining, dconf->keep_body);
113 ap_remove_input_filter(f);
114 return bail_out_on_error(b, f, HTTP_REQUEST_ENTITY_TOO_LARGE);
115 }
116
117 }
118
119 f->r->kept_body = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
120 ctx->remaining = dconf->keep_body;
121 }
122
123 /* get the brigade from upstream, and read it in to get its length */
124 rv = ap_get_brigade(f->next, b, mode, block, readbytes);
125 if (rv == APR_SUCCESS) {
126 rv = apr_brigade_length(b, 1, &len);
127 }
128
129 /* does the length take us over the limit? */
130 if (APR_SUCCESS == rv && len > ctx->remaining) {
131 if (f->r->kept_body) {
132 apr_brigade_cleanup(f->r->kept_body);
133 f->r->kept_body = NULL;
134 }
135 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, APLOGNO(01413)
136 "Requested content-length of %" APR_OFF_T_FMT
137 " is larger than the configured limit"
138 " of %" APR_OFF_T_FMT, len, ctx->keep_body);
139 return bail_out_on_error(b, f, HTTP_REQUEST_ENTITY_TOO_LARGE);
140 }
141 ctx->remaining -= len;
142
143 /* pass any errors downstream */
144 if (rv != APR_SUCCESS) {
145 if (f->r->kept_body) {
146 apr_brigade_cleanup(f->r->kept_body);
147 f->r->kept_body = NULL;
148 }
149 return rv;
150 }
151
152 /* all is well, set aside the buckets */
153 for (bucket = APR_BRIGADE_FIRST(b);
154 bucket != APR_BRIGADE_SENTINEL(b);
155 bucket = APR_BUCKET_NEXT(bucket))
156 {
157 apr_bucket_copy(bucket, &e);
158 APR_BRIGADE_INSERT_TAIL(f->r->kept_body, e);
159 }
160
161 return APR_SUCCESS;
162 }
163
164
165 typedef struct kept_body_filter_ctx {
166 apr_off_t offset;
167 apr_off_t remaining;
168 } kept_body_ctx_t;
169
170 /**
171 * Initialisation of filter to handle a kept body on subrequests.
172 *
173 * If a body is to be reinserted into a subrequest, any chunking will have
174 * been removed from the body during storage. We need to change the request
175 * from Transfer-Encoding: chunked to an explicit Content-Length.
176 */
kept_body_filter_init(ap_filter_t * f)177 static int kept_body_filter_init(ap_filter_t *f)
178 {
179 apr_off_t length = 0;
180 request_rec *r = f->r;
181 apr_bucket_brigade *kept_body = r->kept_body;
182
183 if (kept_body) {
184 apr_table_unset(r->headers_in, "Transfer-Encoding");
185 apr_brigade_length(kept_body, 1, &length);
186 apr_table_setn(r->headers_in, "Content-Length", apr_off_t_toa(r->pool, length));
187 }
188
189 return OK;
190 }
191
192 /**
193 * Filter to handle a kept body on subrequests.
194 *
195 * If a body has been previously kept by the request, and if a subrequest wants
196 * to re-insert the body into the request, this input filter makes it happen.
197 */
kept_body_filter(ap_filter_t * f,apr_bucket_brigade * b,ap_input_mode_t mode,apr_read_type_e block,apr_off_t readbytes)198 static apr_status_t kept_body_filter(ap_filter_t *f, apr_bucket_brigade *b,
199 ap_input_mode_t mode,
200 apr_read_type_e block,
201 apr_off_t readbytes)
202 {
203 request_rec *r = f->r;
204 apr_bucket_brigade *kept_body = r->kept_body;
205 kept_body_ctx_t *ctx = f->ctx;
206 apr_bucket *ec, *e2;
207 apr_status_t rv;
208
209 /* just get out of the way of things we don't want. */
210 if (!kept_body || (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE)) {
211 return ap_get_brigade(f->next, b, mode, block, readbytes);
212 }
213
214 /* set up the context if it does not already exist */
215 if (!ctx) {
216 f->ctx = ctx = apr_palloc(f->r->pool, sizeof(*ctx));
217 ctx->offset = 0;
218 apr_brigade_length(kept_body, 1, &ctx->remaining);
219 }
220
221 /* kept_body is finished, send next filter */
222 if (ctx->remaining <= 0) {
223 return ap_get_brigade(f->next, b, mode, block, readbytes);
224 }
225
226 /* send all of the kept_body, but no more */
227 if (readbytes > ctx->remaining) {
228 readbytes = ctx->remaining;
229 }
230
231 /* send part of the kept_body */
232 if ((rv = apr_brigade_partition(kept_body, ctx->offset, &ec)) != APR_SUCCESS) {
233 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01414)
234 "apr_brigade_partition() failed on kept_body at %" APR_OFF_T_FMT, ctx->offset);
235 return rv;
236 }
237 if ((rv = apr_brigade_partition(kept_body, ctx->offset + readbytes, &e2)) != APR_SUCCESS) {
238 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01415)
239 "apr_brigade_partition() failed on kept_body at %" APR_OFF_T_FMT, ctx->offset + readbytes);
240 return rv;
241 }
242
243 do {
244 apr_bucket *foo;
245 const char *str;
246 apr_size_t len;
247
248 if (apr_bucket_copy(ec, &foo) != APR_SUCCESS) {
249 /* As above; this should not fail since the bucket has
250 * a known length, but just to be sure, this takes
251 * care of uncopyable buckets that do somehow manage
252 * to slip through. */
253 /* XXX: check for failure? */
254 apr_bucket_read(ec, &str, &len, APR_BLOCK_READ);
255 apr_bucket_copy(ec, &foo);
256 }
257 APR_BRIGADE_INSERT_TAIL(b, foo);
258 ec = APR_BUCKET_NEXT(ec);
259 } while (ec != e2);
260
261 ctx->remaining -= readbytes;
262 ctx->offset += readbytes;
263
264 return APR_SUCCESS;
265 }
266
267 /**
268 * Check whether this filter is not already present.
269 */
request_is_filter_present(request_rec * r,ap_filter_rec_t * fn)270 static int request_is_filter_present(request_rec * r, ap_filter_rec_t *fn)
271 {
272 ap_filter_t * f = r->input_filters;
273 while (f) {
274 if (f->frec == fn) {
275 return 1;
276 }
277 f = f->next;
278 }
279 return 0;
280 }
281
282 /**
283 * Insert filter hook.
284 *
285 * Add the KEEP_BODY filter to the request, if the admin wants to keep
286 * the body using the KeptBodySize directive.
287 *
288 * As a precaution, any pre-existing instances of either the kept_body or
289 * keep_body filters will be removed before the filter is added.
290 *
291 * @param r The request
292 */
ap_request_insert_filter(request_rec * r)293 static void ap_request_insert_filter(request_rec * r)
294 {
295 request_dir_conf *conf = ap_get_module_config(r->per_dir_config,
296 &request_module);
297
298 if (r->kept_body) {
299 if (!request_is_filter_present(r, kept_body_input_filter_handle)) {
300 ap_add_input_filter_handle(kept_body_input_filter_handle,
301 NULL, r, r->connection);
302 }
303 }
304 else if (conf->keep_body) {
305 if (!request_is_filter_present(r, kept_body_input_filter_handle)) {
306 ap_add_input_filter_handle(keep_body_input_filter_handle,
307 NULL, r, r->connection);
308 }
309 }
310 }
311
312 /*
313 * Remove the kept_body and keep_body filters from this specific request.
314 */
ap_request_remove_filter(request_rec * r)315 static void ap_request_remove_filter(request_rec *r)
316 {
317 ap_filter_t *f = r->input_filters;
318
319 while (f) {
320 if (f->frec->filter_func.in_func == kept_body_filter ||
321 f->frec->filter_func.in_func == keep_body_filter) {
322 ap_remove_input_filter(f);
323 }
324 f = f->next;
325 }
326 }
327
create_request_dir_config(apr_pool_t * p,char * dummy)328 static void *create_request_dir_config(apr_pool_t *p, char *dummy)
329 {
330 request_dir_conf *new =
331 (request_dir_conf *) apr_pcalloc(p, sizeof(request_dir_conf));
332
333 new->keep_body_set = 0; /* unset */
334 new->keep_body = 0; /* don't by default */
335
336 return (void *) new;
337 }
338
merge_request_dir_config(apr_pool_t * p,void * basev,void * addv)339 static void *merge_request_dir_config(apr_pool_t *p, void *basev, void *addv)
340 {
341 request_dir_conf *new = (request_dir_conf *) apr_pcalloc(p, sizeof(request_dir_conf));
342 request_dir_conf *add = (request_dir_conf *) addv;
343 request_dir_conf *base = (request_dir_conf *) basev;
344
345 new->keep_body = (add->keep_body_set == 0) ? base->keep_body : add->keep_body;
346 new->keep_body_set = add->keep_body_set || base->keep_body_set;
347
348 return new;
349 }
350
set_kept_body_size(cmd_parms * cmd,void * dconf,const char * arg)351 static const char *set_kept_body_size(cmd_parms *cmd, void *dconf,
352 const char *arg)
353 {
354 request_dir_conf *conf = dconf;
355 char *end = NULL;
356
357 if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, &end, 10)
358 || conf->keep_body < 0 || *end) {
359 return "KeptBodySize must be a valid size in bytes, or zero.";
360 }
361 conf->keep_body_set = 1;
362
363 return NULL;
364 }
365
366 static const command_rec request_cmds[] = {
367 AP_INIT_TAKE1("KeptBodySize", set_kept_body_size, NULL, ACCESS_CONF,
368 "Maximum size of request bodies kept aside for use by filters"),
369 { NULL }
370 };
371
register_hooks(apr_pool_t * p)372 static void register_hooks(apr_pool_t *p)
373 {
374 keep_body_input_filter_handle =
375 ap_register_input_filter(KEEP_BODY_FILTER, keep_body_filter,
376 NULL, AP_FTYPE_RESOURCE);
377 kept_body_input_filter_handle =
378 ap_register_input_filter(KEPT_BODY_FILTER, kept_body_filter,
379 kept_body_filter_init, AP_FTYPE_RESOURCE);
380 ap_hook_insert_filter(ap_request_insert_filter, NULL, NULL, APR_HOOK_LAST);
381 APR_REGISTER_OPTIONAL_FN(ap_request_insert_filter);
382 APR_REGISTER_OPTIONAL_FN(ap_request_remove_filter);
383 }
384
385 AP_DECLARE_MODULE(request) = {
386 STANDARD20_MODULE_STUFF,
387 create_request_dir_config, /* create per-directory config structure */
388 merge_request_dir_config, /* merge per-directory config structures */
389 NULL, /* create per-server config structure */
390 NULL, /* merge per-server config structures */
391 request_cmds, /* command apr_table_t */
392 register_hooks /* register hooks */
393 };
394