3 * Copyright (C) Igor Sysoev
7 #include <ngx_config.h>
/*
 * Character-class bitmap: one bit per byte value, 32 values per word.
 * The parsers in this file test a byte with
 * "usual[ch >> 5] & (1 << (ch & 0x1f))"; a set bit takes the fast path
 * (for example straight to sw_check_uri in the request-line parser).
 *
 * Clear bits in the values below: NUL, LF and CR in the first word;
 * space, '#', '%', '+', '.', '/' and '?' in the second; '\' in 0xefffffff.
 * Two values appear under the 0x40-0x5f legend - presumably alternatives
 * chosen by a preprocessor conditional that this listing omits (the parser
 * comments mention "\" for Win32).  Bytes 0x80 and above are all "usual".
 *
 * NOTE(review): the test shifts a plain int 1 by up to 31 positions, which
 * reaches the sign bit; an unsigned constant (1U) in the callers would keep
 * that shift well defined.
 */
12 static uint32_t usual[] = {
13 0xffffdbfe, /* 1111 1111 1111 1111 1101 1011 1111 1110 */
15 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
16 0x7fff37d6, /* 0111 1111 1111 1111 0011 0111 1101 0110 */
18 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
20 0xefffffff, /* 1110 1111 1111 1111 1111 1111 1111 1111 */
22 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
25 /* ~}| {zyx wvut srqp onml kjih gfed cba` */
26 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
28 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
29 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
30 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
31 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/*
 * Fixed-length comparisons used to recognise the request method.
 *
 * When NGX_HAVE_LITTLE_ENDIAN and NGX_HAVE_NONALIGNED are both set, the
 * first set of macros reinterprets the byte buffer m as uint32_t words and
 * compares four characters per load; otherwise the second set compares
 * byte by byte.
 *
 * The two sets do not inspect the same bytes: the word forms of
 * ngx_str3_cmp and ngx_str7_cmp also compare the trailing character (c3,
 * c7) that the byte forms ignore, the byte form of ngx_str3Ocmp skips m[1],
 * and the word form of ngx_str6cmp loads eight bytes to compare six.  The
 * caller therefore has to guarantee that every loaded word lies inside the
 * buffer, not just the characters being matched.
 *
 * NOTE(review): the expansions are not wrapped in parentheses, and the
 * (uint32_t *) cast of a byte pointer relies on the compiler tolerating the
 * type pun - confirm the build flags.  The continuation lines of
 * ngx_str5cmp and ngx_str9cmp (word forms) and the closing #endif are not
 * part of this listing.
 */
35 #if (NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED)
37 #define ngx_str3_cmp(m, c0, c1, c2, c3) \
38 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
40 #define ngx_str3Ocmp(m, c0, c1, c2, c3) \
41 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
43 #define ngx_str4cmp(m, c0, c1, c2, c3) \
44 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
46 #define ngx_str5cmp(m, c0, c1, c2, c3, c4) \
47 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
50 #define ngx_str6cmp(m, c0, c1, c2, c3, c4, c5) \
51 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
52 && (((uint32_t *) m)[1] & 0xffff) == ((c5 << 8) | c4)
54 #define ngx_str7_cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
55 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
56 && ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4)
58 #define ngx_str8cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
59 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
60 && ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4)
62 #define ngx_str9cmp(m, c0, c1, c2, c3, c4, c5, c6, c7, c8) \
63 *(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
64 && ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4) \
67 #else /* !(NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED) */
69 #define ngx_str3_cmp(m, c0, c1, c2, c3) \
70 m[0] == c0 && m[1] == c1 && m[2] == c2
72 #define ngx_str3Ocmp(m, c0, c1, c2, c3) \
73 m[0] == c0 && m[2] == c2 && m[3] == c3
75 #define ngx_str4cmp(m, c0, c1, c2, c3) \
76 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3
78 #define ngx_str5cmp(m, c0, c1, c2, c3, c4) \
79 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 && m[4] == c4
81 #define ngx_str6cmp(m, c0, c1, c2, c3, c4, c5) \
82 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
83 && m[4] == c4 && m[5] == c5
85 #define ngx_str7_cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
86 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
87 && m[4] == c4 && m[5] == c5 && m[6] == c6
89 #define ngx_str8cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
90 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
91 && m[4] == c4 && m[5] == c5 && m[6] == c6 && m[7] == c7
93 #define ngx_str9cmp(m, c0, c1, c2, c3, c4, c5, c6, c7, c8) \
94 m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
95 && m[4] == c4 && m[5] == c5 && m[6] == c6 && m[7] == c7 && m[8] == c8
100 /* gcc, icc, msvc and others compile these switches as a jump table */
/*
 * State-machine parser for the HTTP request line held in b->pos .. b->last.
 *
 * While scanning it records pointers into the buffer on r (request_start,
 * method_end, host_start, uri_start/uri_end, args_start, http_protocol,
 * request_end) and fills r->method, r->http_major, r->http_minor and
 * r->http_version.  Malformed input is rejected with
 * NGX_HTTP_PARSE_INVALID_METHOD, NGX_HTTP_PARSE_INVALID_REQUEST or
 * NGX_HTTP_PARSE_INVALID_09_METHOD.
 *
 * Many lines of the function are missing from this listing; the comments
 * below describe only what the visible lines establish.
 */
103 ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
105 u_char c, ch, *p, *m;
109 sw_spaces_before_uri,
112 sw_schema_slash_slash,
115 sw_after_slash_in_uri,
123 sw_first_major_digit,
125 sw_first_minor_digit,
127 sw_spaces_after_digit,
/* walk the buffer one byte at a time, stopping at b->last */
133 for (p = b->pos; p < b->last; p++) {
138 /* HTTP methods: GET, HEAD, POST */
140 r->request_start = p;
142 if (ch == CR || ch == LF) {
/* a method token may only contain upper-case ASCII letters */
146 if (ch < 'A' || ch > 'Z') {
147 return NGX_HTTP_PARSE_INVALID_METHOD;
/*
 * The method token ends one byte before p and is matched against the known
 * methods with the ngx_str*cmp macros (presumably selected by token length;
 * the dispatch is not shown).  The three-letter comparisons pass ' ' as the
 * fourth character, which the word-sized macro forms also compare.
 */
155 r->method_end = p - 1;
156 m = r->request_start;
161 if (ngx_str3_cmp(m, 'G', 'E', 'T', ' ')) {
162 r->method = NGX_HTTP_GET;
166 if (ngx_str3_cmp(m, 'P', 'U', 'T', ' ')) {
167 r->method = NGX_HTTP_PUT;
176 if (ngx_str3Ocmp(m, 'P', 'O', 'S', 'T')) {
177 r->method = NGX_HTTP_POST;
181 if (ngx_str3Ocmp(m, 'C', 'O', 'P', 'Y')) {
182 r->method = NGX_HTTP_COPY;
186 if (ngx_str3Ocmp(m, 'M', 'O', 'V', 'E')) {
187 r->method = NGX_HTTP_MOVE;
191 if (ngx_str3Ocmp(m, 'L', 'O', 'C', 'K')) {
192 r->method = NGX_HTTP_LOCK;
198 if (ngx_str4cmp(m, 'H', 'E', 'A', 'D')) {
199 r->method = NGX_HTTP_HEAD;
207 if (ngx_str5cmp(m, 'M', 'K', 'C', 'O', 'L')) {
208 r->method = NGX_HTTP_MKCOL;
211 if (ngx_str5cmp(m, 'T', 'R', 'A', 'C', 'E')) {
212 r->method = NGX_HTTP_TRACE;
218 if (ngx_str6cmp(m, 'D', 'E', 'L', 'E', 'T', 'E')) {
219 r->method = NGX_HTTP_DELETE;
223 if (ngx_str6cmp(m, 'U', 'N', 'L', 'O', 'C', 'K')) {
224 r->method = NGX_HTTP_UNLOCK;
231 if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' '))
233 r->method = NGX_HTTP_OPTIONS;
239 if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D'))
241 r->method = NGX_HTTP_PROPFIND;
248 'P', 'R', 'O', 'P', 'P', 'A', 'T', 'C', 'H'))
250 r->method = NGX_HTTP_PROPPATCH;
256 state = sw_spaces_before_uri;
260 if (ch < 'A' || ch > 'Z') {
261 return NGX_HTTP_PARSE_INVALID_METHOD;
266 /* space* before URI */
267 case sw_spaces_before_uri:
271 state = sw_after_slash_in_uri;
/* OR-ing 0x20 folds ASCII letters to lower case: one range test for both */
275 c = (u_char) (ch | 0x20);
276 if (c >= 'a' && c <= 'z') {
286 return NGX_HTTP_PARSE_INVALID_REQUEST;
292 c = (u_char) (ch | 0x20);
293 if (c >= 'a' && c <= 'z') {
300 state = sw_schema_slash;
303 return NGX_HTTP_PARSE_INVALID_REQUEST;
307 case sw_schema_slash:
310 state = sw_schema_slash_slash;
313 return NGX_HTTP_PARSE_INVALID_REQUEST;
317 case sw_schema_slash_slash:
320 r->host_start = p + 1;
324 return NGX_HTTP_PARSE_INVALID_REQUEST;
/* host part of an absolute URI: letters, digits, '.' and '-' are accepted */
330 c = (u_char) (ch | 0x20);
331 if (c >= 'a' && c <= 'z') {
335 if ((ch >= '0' && ch <= '9') || ch == '.' || ch == '-') {
347 state = sw_after_slash_in_uri;
351 * use single "/" from request line to preserve pointers,
352 * if request line will be copied to large client buffer
354 r->uri_start = r->schema_end + 1;
355 r->uri_end = r->schema_end + 2;
359 return NGX_HTTP_PARSE_INVALID_REQUEST;
364 if (ch >= '0' && ch <= '9') {
372 state = sw_after_slash_in_uri;
377 * use single "/" from request line to preserve pointers,
378 * if request line will be copied to large client buffer
380 r->uri_start = r->schema_end + 1;
381 r->uri_end = r->schema_end + 2;
385 return NGX_HTTP_PARSE_INVALID_REQUEST;
389 /* check "/.", "//", "%", and "\" (Win32) in URI */
390 case sw_after_slash_in_uri:
392 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
393 state = sw_check_uri;
405 state = sw_almost_done;
430 r->args_start = p + 1;
444 state = sw_check_uri;
449 /* check "/", "%" and "\" (Win32) in URI */
452 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
459 state = sw_after_slash_in_uri;
471 state = sw_almost_done;
480 state = sw_after_slash_in_uri;
488 r->args_start = p + 1;
507 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
519 state = sw_almost_done;
534 /* space+ after URI */
541 state = sw_almost_done;
547 r->http_protocol.data = p;
551 return NGX_HTTP_PARSE_INVALID_REQUEST;
561 return NGX_HTTP_PARSE_INVALID_REQUEST;
571 return NGX_HTTP_PARSE_INVALID_REQUEST;
578 state = sw_http_HTTP;
581 return NGX_HTTP_PARSE_INVALID_REQUEST;
588 state = sw_first_major_digit;
591 return NGX_HTTP_PARSE_INVALID_REQUEST;
595 /* first digit of major HTTP version */
596 case sw_first_major_digit:
597 if (ch < '1' || ch > '9') {
598 return NGX_HTTP_PARSE_INVALID_REQUEST;
601 r->http_major = ch - '0';
602 state = sw_major_digit;
605 /* major HTTP version or dot */
608 state = sw_first_minor_digit;
612 if (ch < '0' || ch > '9') {
613 return NGX_HTTP_PARSE_INVALID_REQUEST;
/*
 * NOTE(review): each further digit multiplies the running value by ten and
 * no upper bound is visible in this listing, so a long run of digits from
 * the client can wrap the counter - confirm the field type and consider
 * rejecting versions beyond a small limit.  The same applies to http_minor.
 */
616 r->http_major = r->http_major * 10 + ch - '0';
619 /* first digit of minor HTTP version */
620 case sw_first_minor_digit:
621 if (ch < '0' || ch > '9') {
622 return NGX_HTTP_PARSE_INVALID_REQUEST;
625 r->http_minor = ch - '0';
626 state = sw_minor_digit;
629 /* minor HTTP version or end of request line */
632 state = sw_almost_done;
641 state = sw_spaces_after_digit;
645 if (ch < '0' || ch > '9') {
646 return NGX_HTTP_PARSE_INVALID_REQUEST;
649 r->http_minor = r->http_minor * 10 + ch - '0';
652 case sw_spaces_after_digit:
657 state = sw_almost_done;
662 return NGX_HTTP_PARSE_INVALID_REQUEST;
666 /* end of request line */
668 r->request_end = p - 1;
673 return NGX_HTTP_PARSE_INVALID_REQUEST;
687 if (r->request_end == NULL) {
/* version is encoded as major * 1000 + minor */
691 r->http_version = r->http_major * 1000 + r->http_minor;
/* an encoded version of 9 is accepted only together with GET */
694 if (r->http_version == 9 && r->method != NGX_HTTP_GET) {
695 return NGX_HTTP_PARSE_INVALID_09_METHOD;
/*
 * State-machine parser for one header line in b->pos .. b->last.
 *
 * The running name hash and the write index into r->lowcase_header are
 * loaded from r on entry and written back before returning, and
 * r->header_name_start / r->header_name_end mark the name inside the
 * buffer.  r->invalid_header is set for names containing bytes the parser
 * does not accept; allow_underscores makes it accept a byte that would
 * otherwise be flagged (presumably '_'; the test is not shown).  Visible
 * return codes are NGX_HTTP_PARSE_INVALID_HEADER and
 * NGX_HTTP_PARSE_HEADER_DONE.
 *
 * Many lines of the function are missing from this listing.
 */
703 ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
704 ngx_uint_t allow_underscores)
711 sw_space_before_value,
713 sw_space_after_value,
716 sw_header_almost_done
/*
 * Byte translation table for header names: letters map to lower case,
 * digits and '-' map to themselves, every other byte maps to '\0'
 * (presumably meaning "not allowed in a name" - confirm against the code
 * that consumes the table).
 */
719 /* the last '\0' is not needed because string is zero terminated */
721 static u_char lowcase[] =
722 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
723 "\0\0\0\0\0\0\0\0\0\0\0\0\0-\0\0" "0123456789\0\0\0\0\0\0"
724 "\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0"
725 "\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0"
726 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
727 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
728 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
729 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
/* resume from the hash and index stored on r */
732 hash = r->header_hash;
733 i = r->lowcase_index;
735 for (p = b->pos; p < b->last; p++) {
742 r->invalid_header = 0;
747 state = sw_header_almost_done;
754 r->header_name_start = p;
759 hash = ngx_hash(0, c);
760 r->lowcase_header[0] = c;
765 r->invalid_header = 1;
/*
 * The index is masked after every store, so it wraps instead of running
 * past r->lowcase_header.  This assumes NGX_HTTP_LC_HEADER_LEN is a power
 * of two no larger than the array - TODO confirm.  A name longer than that
 * overwrites its own first bytes, so the lower-cased copy is only
 * meaningful for shorter names.
 */
777 hash = ngx_hash(hash, c);
778 r->lowcase_header[i++] = c;
779 i &= (NGX_HTTP_LC_HEADER_LEN - 1);
/* with allow_underscores the raw byte is hashed and stored unchanged */
784 if (allow_underscores) {
785 hash = ngx_hash(hash, ch);
786 r->lowcase_header[i++] = ch;
787 i &= (NGX_HTTP_LC_HEADER_LEN - 1);
790 r->invalid_header = 1;
797 r->header_name_end = p;
798 state = sw_space_before_value;
803 r->header_name_end = p;
806 state = sw_almost_done;
811 r->header_name_end = p;
817 /* IIS may send the duplicate "HTTP/1.1 ..." lines */
820 && p - r->header_name_start == 4
821 && ngx_strncmp(r->header_name_start, "HTTP", 4) == 0)
823 state = sw_ignore_line;
827 r->invalid_header = 1;
831 /* space* before header value */
832 case sw_space_before_value:
839 state = sw_almost_done;
857 state = sw_space_after_value;
861 state = sw_almost_done;
869 /* space* before end of header line */
870 case sw_space_after_value:
875 state = sw_almost_done;
885 /* ignore header line */
896 /* end of header line */
904 return NGX_HTTP_PARSE_INVALID_HEADER;
909 case sw_header_almost_done:
914 return NGX_HTTP_PARSE_INVALID_HEADER;
/* save the hash and index so that a later call can continue */
921 r->header_hash = hash;
922 r->lowcase_index = i;
930 r->header_hash = hash;
931 r->lowcase_index = i;
940 return NGX_HTTP_PARSE_HEADER_DONE;
/*
 * Rewrites the request URI into r->uri.data through the write pointer u,
 * reading from p up to and including r->uri_end.  Visible work: %XX escapes
 * are decoded (sw_quoted / sw_quoted_second), dot segments make u step back
 * to the previous '/', and the argument string and file extension are
 * recorded in r->args and r->exten.  merge_slashes is consulted while
 * handling slashes; its exact effect is not visible here.  Invalid escapes,
 * and a u that ends up below r->uri.data, return
 * NGX_HTTP_PARSE_INVALID_REQUEST.
 *
 * Many lines of the function are missing from this listing.
 */
945 ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
947 u_char c, ch, decoded, *p, *u;
958 } state, quoted_state;
960 #if (NGX_SUPPRESS_WARN)
962 quoted_state = sw_usual;
969 r->args_start = NULL;
973 while (p <= r->uri_end) {
976 * we use "ch = *p++" inside the cycle, but this operation is safe,
977 * because after the URI there is always at least one character:
981 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
982 "s:%d in:'%Xd:%c', out:'%c'", state, ch, ch, *u);
988 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
999 if (p == r->uri_start + r->uri.len) {
1002 * we omit the last "\" to cause redirect because
1003 * the browsers do not treat "\" as "/" in relative URL path
/* remember the current state so that it can be restored after an escape */
1019 quoted_state = state;
1043 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
1056 if (!merge_slashes) {
1065 quoted_state = state;
1086 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
1106 quoted_state = state;
1127 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
/*
 * NOTE(review): bounds of the backward scan.  The guard rejects only
 * u < r->uri.data, so u == r->uri.data passes, and the loop condition then
 * reads u[-1], one byte before the output buffer.  The loop has no lower
 * bound of its own and keeps stepping back until it meets a '/'.  The
 * statement that moves u before the guard is not shown in this listing -
 * confirm it, and prefer re-checking u against r->uri.data on every step
 * of the scan.
 */
1141 if (u < r->uri.data) {
1142 return NGX_HTTP_PARSE_INVALID_REQUEST;
1144 while (*(u - 1) != '/') {
1149 quoted_state = state;
1159 state = sw_dot_dot_dot;
1175 case sw_dot_dot_dot:
1177 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
/* NOTE(review): same guard-then-scan pattern as above; same bounds concern */
1189 if (u < r->uri.data) {
1190 return NGX_HTTP_PARSE_INVALID_REQUEST;
1195 if (u < r->uri.data) {
1196 return NGX_HTTP_PARSE_INVALID_REQUEST;
1198 while (*(u - 1) != '/') {
1203 quoted_state = state;
/* first hex digit of a %XX escape; anything but 0-9, a-f, A-F is rejected */
1226 if (ch >= '0' && ch <= '9') {
1227 decoded = (u_char) (ch - '0');
1228 state = sw_quoted_second;
1233 c = (u_char) (ch | 0x20);
1234 if (c >= 'a' && c <= 'f') {
1235 decoded = (u_char) (c - 'a' + 10);
1236 state = sw_quoted_second;
1241 return NGX_HTTP_PARSE_INVALID_REQUEST;
/*
 * Second hex digit: combine with the first into the decoded byte and
 * return to the state saved in quoted_state.  A decoded NUL and a decoded
 * '+' are singled out; what is done with them is not shown here.
 */
1243 case sw_quoted_second:
1244 if (ch >= '0' && ch <= '9') {
1245 ch = (u_char) ((decoded << 4) + ch - '0');
1258 } else if (ch == '\0') {
1262 state = quoted_state;
1266 c = (u_char) (ch | 0x20);
1267 if (c >= 'a' && c <= 'f') {
1268 ch = (u_char) ((decoded << 4) + c - 'a' + 10);
1274 } else if (ch == '+') {
1278 state = quoted_state;
1282 return NGX_HTTP_PARSE_INVALID_REQUEST;
/* the output length is the distance the write pointer has travelled */
1288 r->uri.len = u - r->uri.data;
1291 r->exten.len = u - r->uri_ext;
1292 r->exten.data = r->uri_ext;
1301 while (p < r->uri_end) {
1306 r->args.len = p - 1 - r->args_start;
1307 r->args.data = r->args_start;
1308 r->args_start = NULL;
1313 r->uri.len = u - r->uri.data;
1316 r->exten.len = u - r->uri_ext;
1317 r->exten.data = r->uri_ext;
/*
 * Screens a URI (uri, with its arguments split off into args) for
 * constructs this file treats as unsafe: an empty URI or one starting with
 * '?', a URI that is exactly ".." plus a separator, and "../" or "/.../"
 * sequences inside the path.  A logged "unsafe URI" error is the visible
 * outcome; NGX_HTTP_ZERO_IN_URI may be set in *flags (the condition is not
 * shown).
 *
 * NOTE(review): the checks below read p[1], p[2] and p[3] ahead of the scan
 * position.  The length tests that must cover those reads are not part of
 * this listing - confirm that len bounds every lookahead.
 */
1327 ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
1328 ngx_str_t *args, ngx_uint_t *flags)
1336 if (len == 0 || p[0] == '?') {
1340 if (p[0] == '.' && len == 3 && p[1] == '.' && (p[2] == '/'
1349 for ( /* void */ ; len; len--) {
1353 if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
1358 args->len = len - 1;
1366 *flags |= NGX_HTTP_ZERO_IN_URI;
1378 if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
1390 /* detect "/.../" */
1392 if (p[0] == '.' && p[1] == '.' && p[2] == '.'
1393 && (p[3] == '/' || p[3] == '\\'))
1406 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1407 "unsafe URI \"%V\" was detected", uri);
/*
 * Searches the values of every header in the array for the token "name",
 * compared case-insensitively.  When value is NULL only the presence of the
 * token is tested; otherwise the token must be followed by '=' and value is
 * pointed at the bytes up to the next ';'.  Tokens are separated by ';' or
 * ','.  NGX_DECLINED is returned when nothing matched; the success return
 * is not part of this listing.
 */
1414 ngx_http_parse_multi_header_lines(ngx_array_t *headers, ngx_str_t *name,
1418 u_char *start, *last, *end, ch;
1419 ngx_table_elt_t **h;
1423 for (i = 0; i < headers->nelts; i++) {
1425 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, headers->pool->log, 0,
1426 "parse header: \"%V: %V\"", &h[i]->key, &h[i]->value);
/* a value shorter than the name cannot contain it */
1428 if (name->len > h[i]->value.len) {
1432 start = h[i]->value.data;
1433 end = h[i]->value.data + h[i]->value.len;
1435 while (start < end) {
/*
 * NOTE(review): the length check above compares name->len with the whole
 * value.  Once start has advanced past earlier tokens, fewer than
 * name->len bytes may remain before end - confirm that this comparison
 * cannot read past the end of the header value.
 */
1437 if (ngx_strncasecmp(start, name->data, name->len) != 0) {
1441 for (start += name->len; start < end && *start == ' '; start++) {
1445 if (value == NULL) {
1446 if (start == end || *start == ',') {
1453 if (start == end || *start++ != '=') {
1454 /* the invalid header value */
1458 while (start < end && *start == ' ') { start++; }
1460 for (last = start; last < end && *last != ';'; last++) {
1464 value->len = last - start;
1465 value->data = start;
/* skip to the next token: past the next ';' or ',' and any spaces */
1471 while (start < end) {
1473 if (ch == ';' || ch == ',') {
1478 while (start < end && *start == ' ') { start++; }
1482 return NGX_DECLINED;
/*
 * Looks up the query-string argument "name" (len bytes) in r->args.  On a
 * match - the name starts the argument string or follows '&', and is
 * followed by '=' - value is pointed at the bytes up to the next '&' or the
 * end of the arguments.  NGX_DECLINED is returned when there are no
 * arguments or no match; the success return is not part of this listing.
 */
1487 ngx_http_arg(ngx_http_request_t *r, u_char *name, size_t len, ngx_str_t *value)
1491 if (r->args.len == 0) {
1492 return NGX_DECLINED;
/*
 * The scan is bounded by a NUL or space byte, not by r->args.len: it relies
 * on the terminator described in the comment below being present after the
 * arguments in the buffer.
 */
1495 for (p = r->args.data; *p && *p != ' '; p++) {
1498 * although r->args.data is not null-terminated by itself,
1499 * however, there is null in the end of request line
/*
 * NOTE(review): len is a size_t, so "len - 1" wraps to a huge value when a
 * caller passes len == 0 - confirm callers never do, or reject it up front.
 */
1502 p = ngx_strcasestrn(p, (char *) name, len - 1);
1505 return NGX_DECLINED;
/* p[-1] is read only when p is not the first byte of the arguments */
1508 if ((p == r->args.data || *(p - 1) == '&') && *(p + len) == '=') {
1510 value->data = p + len + 1;
1512 p = (u_char *) ngx_strchr(p, '&');
1515 p = r->args.data + r->args.len;
1518 value->len = p - value->data;
1524 return NGX_DECLINED;