lib/libhttp
1
0
Fork 0
mirror of https://github.com/lammertb/libhttp.git synced 2025-07-29 21:01:13 +03:00
Code Activity

Merge #217 with a another (incomplete) implementation of the same issue, and format code

Browse Source
This commit is contained in:
bel
2015-10-30 01:25:19 +01:00
parent b9b940577a
commit 407e628b0b
4 changed files with 313 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
VS2012/civetweb.sln
View File

@ -26,6 +26,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "duktape_lib", "duktape_lib\
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ex_websocket", "ex_websocket\ex_websocket.vcxproj", "{58B93E94-7766-435E-93AE-42A2FB5D99B1}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ex_embed_cpp", "ex_embed_cpp\ex_embed_cpp.vcxproj", "{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Mixed Platforms = Debug|Mixed Platforms
@ -152,6 +154,16 @@ Global
{58B93E94-7766-435E-93AE-42A2FB5D99B1}.Release|Win32.ActiveCfg = Release|Win32
{58B93E94-7766-435E-93AE-42A2FB5D99B1}.Release|Win32.Build.0 = Release|Win32
{58B93E94-7766-435E-93AE-42A2FB5D99B1}.Release|x64.ActiveCfg = Release|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Debug|Mixed Platforms.Build.0 = Debug|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Debug|Win32.ActiveCfg = Debug|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Debug|Win32.Build.0 = Debug|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Debug|x64.ActiveCfg = Debug|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Release|Mixed Platforms.ActiveCfg = Release|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Release|Mixed Platforms.Build.0 = Release|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Release|Win32.ActiveCfg = Release|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Release|Win32.Build.0 = Release|Win32
{4308C5EE-45E4-45D8-9D73-6C4E2587AD78}.Release|x64.ActiveCfg = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE

51
examples/embedded_cpp/embedded_cpp.cpp
View File

@ -187,6 +187,9 @@ class FooHandler : public CivetHandler
return true;
}
#define fopen_recursive fopen
bool
handlePut(CivetServer *server, struct mg_connection *conn)
{
@ -194,41 +197,51 @@ class FooHandler : public CivetHandler
const struct mg_request_info *req_info = mg_get_request_info(conn);
long long rlen, wlen;
long long nlen = 0;
long long tlen = (size_t)req_info->content_length;
long long tlen = req_info->content_length;
FILE * f;
char buf[1024];
int fail = 0;
mg_printf(conn,
"HTTP/1.1 200 OK\r\nContent-Type: "
"text/html\r\nConnection: close\r\n\r\n");
mg_printf(conn, "<html><body>\n");
mg_printf(conn, "<h2>This is the Foo PUT handler!!!</h2>\n");
mg_printf(conn,
"<p>The request was:<br><pre>%s %s HTTP/%s</pre></p>\n",
req_info->request_method,
req_info->uri,
req_info->http_version);
mg_printf(conn, "<p>Content Length: %li</p>\n", (long)tlen);
mg_printf(conn, "<pre>\n");
_snprintf(buf, sizeof(buf), "D:\\somewhere\\%s\\%s", req_info->remote_user, req_info->local_uri);
buf[sizeof(buf)-1] = 0; /* TODO: check overflow */
f = fopen_recursive(buf, "wb");
if (!f) {
fail = 1;
} else {
while (nlen < tlen) {
rlen = tlen - nlen;
if (rlen > sizeof(buf)) {
rlen = sizeof(buf);
}
rlen = mg_read(conn, buf, rlen);
rlen = mg_read(conn, buf, (size_t)rlen);
if (rlen <= 0) {
fail = 1;
break;
}
wlen = mg_write(conn, buf, rlen);
wlen = fwrite(buf, 1, (size_t)rlen, f);
if (rlen != rlen) {
fail = 1;
break;
}
nlen += wlen;
}
fclose(f);
}
mg_printf(conn, "\n</pre>\n");
mg_printf(conn, "</body></html>\n");
if (fail) {
mg_printf(conn,
"HTTP/1.1 409 Conflict\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n");
MessageBeep(MB_ICONERROR);
} else {
mg_printf(conn,
"HTTP/1.1 201 Created\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n");
MessageBeep(MB_OK);
}
return true;
}
@ -257,7 +270,7 @@ main(int argc, char *argv[])
server.addHandler("/a/b", h_ab);
FooHandler h_foo;
server.addHandler("**.foo$", h_foo);
server.addHandler("", h_foo);
printf("Browse files at http://localhost:%s/\n", PORT);
printf("Run example at http://localhost:%s%s\n", PORT, EXAMPLE_URI);

188
src/civetweb.c
View File

@ -803,6 +803,9 @@ typedef int socklen_t;
#if defined(NO_SSL_DL)
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#else
/* SSL loaded dynamically from DLL.
* I put the prototypes here to be independent from OpenSSL source
@ -811,7 +814,12 @@ typedef int socklen_t;
typedef struct ssl_st SSL;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct x5099_store_ctx_st X509_STORE_CTX;
typedef struct x509_store_ctx_st X509_STORE_CTX;
#define SSL_VERIFY_NONE (0)
#define SSL_VERIFY_PEER (1)
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT (2)
#define SSL_VERIFY_CLIENT_ONCE (4)
struct ssl_func {
const char *name; /* SSL function name */
@ -841,14 +849,21 @@ struct ssl_func {
(*(int (*)(SSL_CTX *, const char *))ssl_sw[16].ptr)
#define SSLv23_client_method (*(SSL_METHOD * (*)(void))ssl_sw[17].ptr)
#define SSL_pending (*(int (*)(SSL *))ssl_sw[18].ptr)
#define SSL_CTX_set_verify (*(void (*)(SSL_CTX *, int, int))ssl_sw[19].ptr)
#define SSL_CTX_set_verify \
(*(void (*)(SSL_CTX *, \
int, \
int (*verify_callback)(int, X509_STORE_CTX *)))ssl_sw[19].ptr)
#define SSL_shutdown (*(int (*)(SSL *))ssl_sw[20].ptr)
#define SSL_CTX_load_verify_locations \
(*(int (*)(SSL_CTX *, const char *, const char *))ssl_sw[21].ptr)
#define SSL_CTX_set_default_verify_paths \
(*(int (*)(SSL_CTX *))ssl_sw[22].ptr)
(*(int (*)(SSL_CTX *, const char *, const char *))ssl_sw[21].ptr)
#define SSL_CTX_set_default_verify_paths (*(int (*)(SSL_CTX *))ssl_sw[22].ptr)
#define SSL_CTX_set_verify_depth (*(void (*)(SSL_CTX *, int))ssl_sw[23].ptr)
#define SSL_get_peer_certificate (*(X509 * (*)(SSL *))ssl_sw[24].ptr)
#define SSL_get_version (*(const char *(*)(SSL *))ssl_sw[25].ptr)
#define SSL_get_current_cipher (*(SSL_CIPHER * (*)(SSL *))ssl_sw[26].ptr)
#define SSL_CIPHER_get_name \
(*(const char *(*)(const SSL_CIPHER *))ssl_sw[27].ptr)
#define SSL_CTX_check_private_key (*(int (*)(SSL_CTX *))ssl_sw[28].ptr)
#define CRYPTO_num_locks (*(int (*)(void))crypto_sw[0].ptr)
#define CRYPTO_set_locking_callback \
(*(void (*)(void (*)(int, int, const char *, int)))crypto_sw[1].ptr)
@ -885,6 +900,11 @@ static struct ssl_func ssl_sw[] = {{"SSL_free", NULL},
{"SSL_CTX_load_verify_locations", NULL},
{"SSL_CTX_set_default_verify_paths", NULL},
{"SSL_CTX_set_verify_depth", NULL},
{"SSL_get_peer_certificate", NULL},
{"SSL_get_version", NULL},
{"SSL_get_current_cipher", NULL},
{"SSL_CIPHER_get_name", NULL},
{"SSL_CTX_check_private_key", NULL},
{NULL, NULL}};
/* Similar array as ssl_sw. These functions could be located in different
@ -980,7 +1000,7 @@ enum {
REWRITE,
HIDE_FILES,
REQUEST_TIMEOUT,
SSL_VERIFY_PEER,
SSL_DO_VERIFY_PEER,
SSL_CA_PATH,
SSL_CA_FILE,
SSL_VERIFY_DEPTH,
@ -8199,7 +8219,7 @@ mg_websocket_client_write(struct mg_connection *conn,
lcg = lcg * 6364136223846793005 + 1442695040888963407;
}
masking_key = (uint32_t)lfsr ^ (uint32_t)lcg ^ now.tv_nsec;
masking_key = (uint32_t)lfsr ^ (uint32_t)lcg ^ (uint32_t)now.tv_nsec;
if (masked_data == NULL) {
/* Return -1 in an error case */
@ -9400,6 +9420,7 @@ close_all_listening_sockets(struct mg_context *ctx)
ctx->listening_ports = NULL;
}
/* Valid listening port specification is: [ip_address:]port[s]
* Examples for IPv4: 80, 443s, 127.0.0.1:3128, 1.2.3.4:8080s
* Examples for IPv6: [::]:80, [::1]:80,
@ -9456,6 +9477,7 @@ parse_port_string(const struct vec *vec, struct socket *so)
&& (ch == '\0' || ch == 's' || ch == 'r' || ch == ',');
}
static int
set_ports_option(struct mg_context *ctx)
{
@ -9667,6 +9689,7 @@ set_ports_option(struct mg_context *ctx)
return portsOk;
}
static const char *
header_val(const struct mg_connection *conn, const char *header)
{
@ -9679,6 +9702,7 @@ header_val(const struct mg_connection *conn, const char *header)
}
}
static void
log_access(const struct mg_connection *conn)
{
@ -9748,6 +9772,7 @@ log_access(const struct mg_connection *conn)
}
}
/* Verify given socket address against the ACL.
* Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed. */
static int
@ -9783,6 +9808,7 @@ check_acl(struct mg_context *ctx, uint32_t remote_ip)
return -1;
}
#if !defined(_WIN32)
static int
set_uid_option(struct mg_context *ctx)
@ -9825,6 +9851,7 @@ set_uid_option(struct mg_context *ctx)
}
#endif /* !_WIN32 */
static void
tls_dtor(void *key)
{
@ -9840,6 +9867,7 @@ tls_dtor(void *key)
pthread_setspecific(sTlsKey, NULL);
}
#if !defined(NO_SSL)
/* Must be set if sizeof(pthread_t) > sizeof(unsigned long) */
@ -9886,19 +9914,37 @@ ssl_id_callback(void)
static pthread_mutex_t *ssl_mutexes;
static int
sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *))
{
int ret, err;
if (!conn) {
return 0;
}
conn->ssl = SSL_new(s);
return (conn->ssl != NULL)
&& SSL_set_fd(conn->ssl, conn->client.sock) == 1
&& func(conn->ssl) == 1;
if (conn->ssl == NULL) {
return 0;
}
ret = SSL_set_fd(conn->ssl, conn->client.sock);
if (ret != 1) {
err = SSL_get_error(conn->ssl, ret);
return 0;
}
ret = func(conn->ssl);
if (ret != 1) {
err = SSL_get_error(conn->ssl, ret);
return 0;
}
return 1;
}
/* Return OpenSSL error message (from CRYPTO lib) */
static const char *
ssl_error(void)
@ -9908,6 +9954,7 @@ ssl_error(void)
return err == 0 ? "" : ERR_error_string(err, NULL);
}
static void
ssl_locking_callback(int mode, int mutex_num, const char *file, int line)
{
@ -9922,6 +9969,7 @@ ssl_locking_callback(int mode, int mutex_num, const char *file, int line)
}
}
#if !defined(NO_SSL_DL)
static void *
load_dll(struct mg_context *ctx, const char *dll_name, struct ssl_func *sw)
@ -9969,12 +10017,14 @@ static void *cryptolib_dll_handle; /* Store the crypto library handle. */
#endif /* NO_SSL_DL */
#if defined(SSL_ALREADY_INITIALIZED)
static int cryptolib_users = 1; /* Reference counter for crypto library. */
#else
static int cryptolib_users = 0; /* Reference counter for crypto library. */
#endif
static int
initialize_ssl(struct mg_context *ctx)
{
@ -10020,6 +10070,30 @@ initialize_ssl(struct mg_context *ctx)
return 1;
}
int
verify_ssl_client(int preverify_ok, X509_STORE_CTX *x509_ctx)
{
int ret = preverify_ok;
/* TODO: check if this function is required at all
TODO: store rejected connection attempts
char buf[256];
struct X509 *err_cert;
int err, depth;
SSL *ssl;
*/
/* Ignore pre-verification - only accept clients we know locally */
(void)preverify_ok;
/*
err_cert = X509_STORE_CTX_get_current_cert(x509_st);
err = X509_STORE_CTX_get_error(x509_st);
depth = X509_STORE_CTX_get_error_depth(x509_st);
*/
return ret;
}
/* Dynamically load SSL library. Set up ctx->ssl_ctx pointer. */
static int
set_ssl_option(struct mg_context *ctx)
@ -10027,8 +10101,8 @@ set_ssl_option(struct mg_context *ctx)
const char *pem;
int callback_ret;
int should_verify_peer;
const char* ca_path;
const char* ca_file;
const char *ca_path;
const char *ca_file;
int use_default_verify_paths;
int verify_depth;
@ -10077,54 +10151,101 @@ set_ssl_option(struct mg_context *ctx)
mg_cry(fc(ctx), "SSL callback returned error: %i", callback_ret);
return 0;
}
if (callback_ret == 0) {
if (callback_ret > 0) {
if (pem != NULL) {
if ((SSL_CTX_use_certificate_file(ctx->ssl_ctx, pem, 1) == 0)
|| (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0)) {
(void)SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem);
}
return 1;
}
if (pem != NULL) {
if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, pem, 1) == 0) {
mg_cry(fc(ctx),
"%s: cannot open %s: %s",
"%s: cannot open certificate file %s: %s",
__func__,
pem,
ssl_error());
return 0;
}
/* could use SSL_CTX_set_default_passwd_cb_userdata */
if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0) {
mg_cry(fc(ctx),
"%s: cannot open private key file %s: %s",
__func__,
pem,
ssl_error());
return 0;
}
if (SSL_CTX_check_private_key(ctx->ssl_ctx) == 0) {
mg_cry(fc(ctx),
"%s: certificate and private key do not match: %s",
__func__,
pem);
return 0;
}
if (SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem) == 0) {
mg_cry(fc(ctx),
"%s: cannot use certificate chain file %s: %s",
__func__,
pem,
ssl_error());
return 0;
}
}
}
if (pem != NULL) {
(void)SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem);
}
should_verify_peer =
(ctx->config[SSL_DO_VERIFY_PEER] != NULL)
&& (mg_strcasecmp(ctx->config[SSL_DO_VERIFY_PEER], "yes") == 0);
should_verify_peer = (ctx->config[SSL_VERIFY_PEER] != NULL)
&& (mg_strcasecmp(ctx->config[SSL_VERIFY_PEER], "yes") == 0);
use_default_verify_paths = (ctx->config[SSL_DEFAULT_VERIFY_PATHS] != NULL)
use_default_verify_paths =
(ctx->config[SSL_DEFAULT_VERIFY_PATHS] != NULL)
&& (mg_strcasecmp(ctx->config[SSL_DEFAULT_VERIFY_PATHS], "yes") == 0);
if (should_verify_peer) {
ca_path = ctx->config[SSL_CA_PATH];
ca_file = ctx->config[SSL_CA_FILE];
if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_path) != 1) {
mg_cry(fc(ctx), "SSL_CTX_load_verify_locations error: %s "
if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_path)
!= 1) {
mg_cry(
fc(ctx),
"SSL_CTX_load_verify_locations error: %s "
"ssl_verify_peer requires setting "
"either ssl_ca_path or ssl_ca_file. Is any of them present in "
"the .conf file?", ssl_error());
"the .conf file?",
ssl_error());
return 0;
}
SSL_CTX_set_verify(ctx->ssl_ctx, 3, 0);
if (use_default_verify_paths
&& SSL_CTX_set_default_verify_paths(ctx->ssl_ctx) != 1) {
mg_cry(fc(ctx), "SSL_CTX_set_default_verify_paths error: %s", ssl_error());
mg_cry(fc(ctx),
"SSL_CTX_set_default_verify_paths error: %s",
ssl_error());
return 0;
}
if (ctx->config[SSL_VERIFY_DEPTH]){
if (ctx->config[SSL_VERIFY_DEPTH]) {
verify_depth = atoi(ctx->config[SSL_VERIFY_DEPTH]);
SSL_CTX_set_verify_depth(ctx->ssl_ctx, verify_depth);
}
}
/* TODO: could set use SSL_CTX_set_cipher_list if set*/
/* TODO: could use client certificates here */
#if 0
SSL_CTX_set_verify(ctx->ssl_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
SSL_CTX_load_verify_locations(ctx->ssl_ctx, "D:\\civetweb\\civetweb\\resources\\cert\\client.pem", NULL);
#endif
return 1;
}
@ -10355,6 +10476,7 @@ mg_close_connection(struct mg_connection *conn)
mg_free(conn);
}
struct mg_connection *
mg_connect_client(const char *host,
int port,
@ -10429,7 +10551,9 @@ mg_connect_client(const char *host,
SSL_CTX_set_verify call is needed to switch off server
* certificate checking, which is off by default in OpenSSL and on
* in yaSSL. */
SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
SSL_CTX_set_verify(conn->client_ssl_ctx, SSL_VERIFY_NONE, NULL);
// TODO: SSL_CTX_set_verify(conn->client_ssl_ctx, SSL_VERIFY_PEER,
// verify_ssl_server);
sslize(conn, conn->client_ssl_ctx, SSL_connect);
}
#endif
@ -11162,6 +11286,8 @@ worker_thread_run(void *thread_func_param)
|| sslize(conn, conn->ctx->ssl_ctx, SSL_accept)
#endif
) {
process_new_connection(conn);
}

77
src/main.c
View File

@ -2279,6 +2279,83 @@ WinMain(HINSTANCE hInst, HINSTANCE hPrev, LPSTR cmdline, int show)
HWND hWnd;
MSG msg;
int i;
int dataLen = 4;
char data[256] = {0};
char masked_data[256] = {0};
uint32_t masking_key = 0x01020304;
for (i = 0; i < dataLen - 3; i += 4) {
*(uint32_t *)(void *)(masked_data + i) =
*(uint32_t *)(void *)(data + i) ^ masking_key;
}
if (i != dataLen) {
/* convert 1-3 remaining bytes */
i -= 4;
while (i < dataLen) {
*(uint8_t *)(void *)(masked_data + i) =
*(uint8_t *)(void *)(data + i)
^ *(((uint8_t *)&masking_key) + (i % 4));
i++;
}
}
#if 0
/* http://lomont.org/Math/Papers/2008/Lomont_PRNG_2008.pdf */
/* initialize state to random bits
*/
static unsigned long state[16];
/* init should also reset this to 0 */
static unsigned int index = 0;
/* return 32 bit random number
*/
unsigned long WELLRN G512(void)
{
unsigned long a, b, c, d;
a = state[index];
c = state[(index + 13) & 15];
b = a ^ c ^ (a << 16) ^ (c << 15);
c = state[(index + 9) & 15];
c ^= (c >> 11);
a = state[index] = b ^ c;
d = a ^ ((a << 5) & 0xDA442D24 UL);
index = (index + 15) & 15;
a = state[index];
state[index] = a ^ b ^ d ^ (a << 2) ^ (b << 18) ^ (c << 28);
return state[index];
}
uint32_t x, y, z, w;
uint32_t xorshift128(void)
{
uint32_t t = x ^ (x << 11);
x = y;
y = z;
z = w;
return w = w ^ (w >> 19) ^ t ^ (t >> 8);
}
static uint64_t lfsr = 1;
static uint64_t lcg = 0;
uint64_t r = 0;
do {
lfsr = (lfsr >> 1)
| ((((lfsr >> 0) ^ (lfsr >> 1) ^ (lfsr >> 3) ^ (lfsr >> 4)) & 1)
<< 63);
lcg = lcg * 6364136223846793005 + 1442695040888963407;
++r;
} while (lcg != 0);
fprintf(stdout, "lfsr = %I64u, lcg = %i64u, r = %i64u\n", lfsr, lcg, r);
#endif
(void)hInst;
(void)hPrev;
(void)cmdline;