00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00039 #ifndef _HTP_PRIVATE_H
00040 #define _HTP_PRIVATE_H
00041
00042 #ifdef __cplusplus
00043 extern "C" {
00044 #endif
00045
00046 #if defined(__cplusplus) && !defined(__STDC_FORMAT_MACROS)
00047
00048
00049 #define __STDC_FORMAT_MACROS
00050 #endif
00051
00052 #include <ctype.h>
00053 #include <errno.h>
00054 #include <iconv.h>
00055 #include <inttypes.h>
00056 #include <stdarg.h>
00057 #include <stdio.h>
00058 #include <stdlib.h>
00059 #include <unistd.h>
00060 #include <sys/types.h>
00061 #include <sys/stat.h>
00062
00063 #include "htp.h"
00064 #include "htp_config_private.h"
00065 #include "htp_connection_parser_private.h"
00066 #include "htp_connection_private.h"
00067 #include "htp_list_private.h"
00068 #include "htp_multipart_private.h"
00069 #include "htp_table_private.h"
00070
00071 #ifndef CR
00072 #define CR '\r'
00073 #endif
00074
00075 #ifndef LF
00076 #define LF '\n'
00077 #endif
00078
00079 #define HTP_FIELD_LIMIT_HARD 18000
00080 #define HTP_FIELD_LIMIT_SOFT 9000
00081
00082 #define HTP_VALID_STATUS_MIN 100
00083 #define HTP_VALID_STATUS_MAX 999
00084
00085
00086
00087
00088 htp_status_t htp_connp_REQ_IDLE(htp_connp_t *connp);
00089 htp_status_t htp_connp_REQ_LINE(htp_connp_t *connp);
00090 htp_status_t htp_connp_REQ_LINE_complete(htp_connp_t *connp);
00091 htp_status_t htp_connp_REQ_PROTOCOL(htp_connp_t *connp);
00092 htp_status_t htp_connp_REQ_HEADERS(htp_connp_t *connp);
00093 htp_status_t htp_connp_REQ_CONNECT_CHECK(htp_connp_t *connp);
00094 htp_status_t htp_connp_REQ_CONNECT_WAIT_RESPONSE(htp_connp_t *connp);
00095 htp_status_t htp_connp_REQ_CONNECT_PROBE_DATA(htp_connp_t *connp);
00096 htp_status_t htp_connp_REQ_BODY_DETERMINE(htp_connp_t *connp);
00097 htp_status_t htp_connp_REQ_BODY_IDENTITY(htp_connp_t *connp);
00098 htp_status_t htp_connp_REQ_BODY_CHUNKED_LENGTH(htp_connp_t *connp);
00099 htp_status_t htp_connp_REQ_BODY_CHUNKED_DATA(htp_connp_t *connp);
00100 htp_status_t htp_connp_REQ_BODY_CHUNKED_DATA_END(htp_connp_t *connp);
00101 htp_status_t htp_connp_REQ_FINALIZE(htp_connp_t *connp);
00102 htp_status_t htp_connp_REQ_IGNORE_DATA_AFTER_HTTP_0_9(htp_connp_t *connp);
00103
00104 htp_status_t htp_connp_RES_IDLE(htp_connp_t *connp);
00105 htp_status_t htp_connp_RES_LINE(htp_connp_t *connp);
00106 htp_status_t htp_connp_RES_HEADERS(htp_connp_t *connp);
00107 htp_status_t htp_connp_RES_BODY_DETERMINE(htp_connp_t *connp);
00108 htp_status_t htp_connp_RES_BODY_IDENTITY_CL_KNOWN(htp_connp_t *connp);
00109 htp_status_t htp_connp_RES_BODY_IDENTITY_STREAM_CLOSE(htp_connp_t *connp);
00110 htp_status_t htp_connp_RES_BODY_CHUNKED_LENGTH(htp_connp_t *connp);
00111 htp_status_t htp_connp_RES_BODY_CHUNKED_DATA(htp_connp_t *connp);
00112 htp_status_t htp_connp_RES_BODY_CHUNKED_DATA_END(htp_connp_t *connp);
00113 htp_status_t htp_connp_RES_FINALIZE(htp_connp_t *connp);
00114
00115
00116
00117 htp_status_t htp_parse_request_line_generic(htp_connp_t *connp);
00118 htp_status_t htp_parse_request_line_generic_ex(htp_connp_t *connp, int nul_terminates);
00119 htp_status_t htp_parse_request_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
00120 htp_status_t htp_process_request_header_generic(htp_connp_t *, unsigned char *data, size_t len);
00121
00122 htp_status_t htp_parse_request_line_apache_2_2(htp_connp_t *connp);
00123 htp_status_t htp_process_request_header_apache_2_2(htp_connp_t *, unsigned char *data, size_t len);
00124
00125 htp_status_t htp_parse_response_line_generic(htp_connp_t *connp);
00126 htp_status_t htp_parse_response_header_generic(htp_connp_t *connp, htp_header_t *h, unsigned char *data, size_t len);
00127 htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned char *data, size_t len);
00128
00129
00130
00131
00132 htp_status_t htp_tx_state_response_complete_ex(htp_tx_t *tx, int hybrid_mode);
00133
00134
00135
00136
00137 int htp_convert_method_to_number(bstr *);
00138 int htp_is_lws(int c);
00139 int htp_is_separator(int c);
00140 int htp_is_text(int c);
00141 int htp_is_token(int c);
00142 int htp_chomp(unsigned char *data, size_t *len);
00143 int htp_is_space(int c);
00144
00145 int htp_parse_protocol(bstr *protocol);
00146
00147 int htp_is_line_empty(unsigned char *data, size_t len);
00148 int htp_is_line_whitespace(unsigned char *data, size_t len);
00149
00150 int htp_connp_is_line_folded(unsigned char *data, size_t len);
00151 int htp_is_folding_char(int c);
00152 int htp_connp_is_line_terminator(htp_connp_t *connp, unsigned char *data, size_t len);
00153 int htp_connp_is_line_ignorable(htp_connp_t *connp, unsigned char *data, size_t len);
00154
00155 int htp_parse_uri(bstr *input, htp_uri_t **uri);
00156 htp_status_t htp_parse_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, int *invalid);
00157 htp_status_t htp_parse_header_hostport(bstr *authority, bstr **hostname, bstr **port, int *port_number, uint64_t *flags);
00158 int htp_validate_hostname(bstr *hostname);
00159 int htp_parse_uri_hostport(htp_connp_t *connp, bstr *input, htp_uri_t *uri);
00160 int htp_normalize_parsed_uri(htp_tx_t *tx, htp_uri_t *parsed_uri_incomplete, htp_uri_t *parsed_uri);
00161 bstr *htp_normalize_hostname_inplace(bstr *input);
00162 void htp_replace_hostname(htp_connp_t *connp, htp_uri_t *parsed_uri, bstr *hostname);
00163 int htp_is_uri_unreserved(unsigned char c);
00164
00165 int htp_decode_path_inplace(htp_tx_t *tx, bstr *path);
00166
00167 int htp_prenormalize_uri_path_inplace(bstr *s, int *flags, int case_insensitive, int backslash, int decode_separators, int remove_consecutive);
00168 void htp_normalize_uri_path_inplace(bstr *s);
00169
00170 void htp_utf8_decode_path_inplace(htp_cfg_t *cfg, htp_tx_t *tx, bstr *path);
00171 void htp_utf8_validate_path(htp_tx_t *tx, bstr *path);
00172
00173 int64_t htp_parse_content_length(bstr *b);
00174 int64_t htp_parse_chunked_length(unsigned char *data, size_t len);
00175 int64_t htp_parse_positive_integer_whitespace(unsigned char *data, size_t len, int base);
00176 int htp_parse_status(bstr *status);
00177 int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t *auth_header);
00178 int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header);
00179
00180 void htp_print_log(FILE *stream, htp_log_t *log);
00181
00182 void fprint_bstr(FILE *stream, const char *name, bstr *b);
00183 void fprint_raw_data(FILE *stream, const char *name, const void *data, size_t len);
00184 void fprint_raw_data_ex(FILE *stream, const char *name, const void *data, size_t offset, size_t len);
00185
00186 char *htp_connp_in_state_as_string(htp_connp_t *connp);
00187 char *htp_connp_out_state_as_string(htp_connp_t *connp);
00188 char *htp_tx_request_progress_as_string(htp_tx_t *tx);
00189 char *htp_tx_response_progress_as_string(htp_tx_t *tx);
00190
00191 bstr *htp_unparse_uri_noencode(htp_uri_t *uri);
00192
00193 int htp_treat_response_line_as_body(const uint8_t *data, size_t len);
00194
00195 htp_status_t htp_req_run_hook_body_data(htp_connp_t *connp, htp_tx_data_t *d);
00196 htp_status_t htp_res_run_hook_body_data(htp_connp_t *connp, htp_tx_data_t *d);
00197
00198 htp_status_t htp_ch_urlencoded_callback_request_body_data(htp_tx_data_t *d);
00199 htp_status_t htp_ch_urlencoded_callback_request_headers(htp_tx_t *tx);
00200 htp_status_t htp_ch_urlencoded_callback_request_line(htp_tx_t *tx);
00201 htp_status_t htp_ch_multipart_callback_request_body_data(htp_tx_data_t *d);
00202 htp_status_t htp_ch_multipart_callback_request_headers(htp_tx_t *tx);
00203
00204 htp_status_t htp_php_parameter_processor(htp_param_t *p);
00205
00206 int htp_transcode_params(htp_connp_t *connp, htp_table_t **params, int destroy_old);
00207 int htp_transcode_bstr(iconv_t cd, bstr *input, bstr **output);
00208
00209 int htp_parse_single_cookie_v0(htp_connp_t *connp, unsigned char *data, size_t len);
00210 int htp_parse_cookies_v0(htp_connp_t *connp);
00211 int htp_parse_authorization(htp_connp_t *connp);
00212
00213 htp_status_t htp_extract_quoted_string_as_bstr(unsigned char *data, size_t len, bstr **out, size_t *endoffset);
00214
00215 htp_header_t *htp_connp_header_parse(htp_connp_t *, unsigned char *, size_t);
00216
00217 htp_status_t htp_parse_ct_header(bstr *header, bstr **ct);
00218
00219 htp_status_t htp_connp_req_receiver_finalize_clear(htp_connp_t *connp);
00220 htp_status_t htp_connp_res_receiver_finalize_clear(htp_connp_t *connp);
00221
00222 htp_status_t htp_tx_finalize(htp_tx_t *tx);
00223
00224 int htp_tx_is_complete(htp_tx_t *tx);
00225
00226 htp_status_t htp_tx_state_request_complete_partial(htp_tx_t *tx);
00227
00228 void htp_connp_tx_remove(htp_connp_t *connp, htp_tx_t *tx);
00229
00230 void htp_tx_destroy_incomplete(htp_tx_t *tx);
00231
00232 htp_status_t htp_tx_req_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
00233 htp_status_t htp_tx_res_process_body_data_ex(htp_tx_t *tx, const void *data, size_t len);
00234
00235 htp_status_t htp_tx_urldecode_uri_inplace(htp_tx_t *tx, bstr *input);
00236 htp_status_t htp_tx_urldecode_params_inplace(htp_tx_t *tx, bstr *input);
00237
00238 void htp_connp_destroy_decompressors(htp_connp_t *connp);
00239
00240 #ifndef HAVE_STRLCAT
00241 size_t strlcat(char *dst, const char *src, size_t size);
00242 #endif
00243
00244 #ifndef HAVE_STRLCPY
00245 size_t strlcpy(char *dst, const char *src, size_t size);
00246 #endif
00247
00248 #ifdef __cplusplus
00249 }
00250 #endif
00251
00252 #endif
00253