op public repos

Blob

Date:: Mon Oct 4 09:31:43 2021 UTC
Message:: copy only `len' bytes, not the whole buffer We ended up copying too much data from the fastcgi process.
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 
19 #include <assert.h>
20 #include <errno.h>
21 #include <string.h>
22 
23 /*
24  * Sometimes it can be useful to inspect the fastcgi traffic as
25  * received by gmid.
26  *
27  * This will make gmid connect to a `debug.sock' socket (that must
28  * exists) in the current directory and send there a copy of what gets
29  * read.  The socket can be created and monitored e.g. with
30  *
31  *	rm -f debug.sock ; nc -Ulk ./debug.sock | hexdump -C
32  *
33  * NB: the sandbox must be disabled for this to work.
34  */
35 #define DEBUG_FCGI 0
36 
37 #if DEBUG_FCGI
38 # include <sys/un.h>
39 static int debug_socket = -1;
40 #endif
41 
42 struct fcgi_header {
43 	unsigned char version;
44 	unsigned char type;
45 	unsigned char req_id1;
46 	unsigned char req_id0;
47 	unsigned char content_len1;
48 	unsigned char content_len0;
49 	unsigned char padding;
50 	unsigned char reserved;
51 };
52 
53 /*
54  * number of bytes in a FCGI_HEADER.  Future version of the protocol
55  * will not reduce this number.
56  */
57 #define FCGI_HEADER_LEN	8
58 
59 /*
60  * values for the version component
61  */
62 #define FCGI_VERSION_1	1
63 
64 /*
65  * values for the type component
66  */
67 #define FCGI_BEGIN_REQUEST	 1
68 #define FCGI_ABORT_REQUEST	 2
69 #define FCGI_END_REQUEST	 3
70 #define FCGI_PARAMS		 4
71 #define FCGI_STDIN		 5
72 #define FCGI_STDOUT		 6
73 #define FCGI_STDERR		 7
74 #define FCGI_DATA		 8
75 #define FCGI_GET_VALUES		 9
76 #define FCGI_GET_VALUES_RESULT	10
77 #define FCGI_UNKNOWN_TYPE	11
78 #define FCGI_MAXTYPE		(FCGI_UNKNOWN_TYPE)
79 
80 struct fcgi_begin_req {
81 	unsigned char role1;
82 	unsigned char role0;
83 	unsigned char flags;
84 	unsigned char reserved[5];
85 };
86 
87 struct fcgi_begin_req_record {
88 	struct fcgi_header	header;
89 	struct fcgi_begin_req	body;
90 };
91 
92 /*
93  * mask for flags;
94  */
95 #define FCGI_KEEP_CONN		1
96 
97 /*
98  * values for the role
99  */
100 #define FCGI_RESPONDER	1
101 #define FCGI_AUTHORIZER	2
102 #define FCGI_FILTER	3
103 
104 struct fcgi_end_req_body {
105 	unsigned char app_status3;
106 	unsigned char app_status2;
107 	unsigned char app_status1;
108 	unsigned char app_status0;
109 	unsigned char proto_status;
110 	unsigned char reserved[3];
111 };
112 
113 /*
114  * values for proto_status
115  */
116 #define FCGI_REQUEST_COMPLETE	0
117 #define FCGI_CANT_MPX_CONN	1
118 #define FCGI_OVERLOADED		2
119 #define FCGI_UNKNOWN_ROLE	3
120 
121 /*
122  * Variable names for FCGI_GET_VALUES / FCGI_GET_VALUES_RESULT
123  * records.
124  */
125 #define FCGI_MAX_CONNS	"FCGI_MAX_CONNS"
126 #define FCGI_MAX_REQS	"FCGI_MAX_REQS"
127 #define FCGI_MPXS_CONNS	"FCGI_MPXS_CONNS"
128 
129 static int
130 prepare_header(struct fcgi_header *h, int type, int id, size_t size,
131     size_t padding)
132 {
133 	memset(h, 0, sizeof(*h));
134 
135 	/*
136 	 * id=0 is reserved for status messages.
137 	 */
138 	id++;
139 
140 	h->version = FCGI_VERSION_1;
141         h->type = type;
142 	h->req_id1 = (id >> 8);
143 	h->req_id0 = (id & 0xFF);
144 	h->content_len1 = (size >> 8);
145 	h->content_len0 = (size & 0xFF);
146 	h->padding = padding;
147 
148 	return 0;
149 }
150 
151 static int
152 fcgi_begin_request(struct bufferevent *bev, int id)
153 {
154 	struct fcgi_begin_req_record r;
155 
156 	if (id > UINT16_MAX)
157 		return -1;
158 
159 	memset(&r, 0, sizeof(r));
160 	prepare_header(&r.header, FCGI_BEGIN_REQUEST, id,
161 	    sizeof(r.body), 0);
162 	assert(sizeof(r.body) == FCGI_HEADER_LEN);
163 
164 	r.body.role1 = 0;
165 	r.body.role0 = FCGI_RESPONDER;
166 	r.body.flags = FCGI_KEEP_CONN;
167 
168 	if (bufferevent_write(bev, &r, sizeof(r)) == -1)
169 		return -1;
170 	return 0;
171 }
172 
173 static int
174 fcgi_send_param(struct bufferevent *bev, int id, const char *name,
175     const char *value)
176 {
177 	struct fcgi_header	h;
178         uint32_t		namlen, vallen, padlen;
179 	uint8_t			s[8];
180 	size_t			size;
181 	char			padding[8] = { 0 };
182 
183 	namlen = strlen(name);
184 	vallen = strlen(value);
185 	size = namlen + vallen + 8; /* 4 for the sizes */
186 	padlen = (8 - (size & 0x7)) & 0x7;
187 
188 	s[0] = ( namlen >> 24)         | 0x80;
189 	s[1] = ((namlen >> 16) & 0xFF);
190 	s[2] = ((namlen >>  8) & 0xFF);
191 	s[3] = ( namlen        & 0xFF);
192 
193 	s[4] = ( vallen >> 24)         | 0x80;
194 	s[5] = ((vallen >> 16) & 0xFF);
195 	s[6] = ((vallen >>  8) & 0xFF);
196 	s[7] = ( vallen        & 0xFF);
197 
198 	prepare_header(&h, FCGI_PARAMS, id, size, padlen);
199 
200 	if (bufferevent_write(bev, &h, sizeof(h))   == -1 ||
201 	    bufferevent_write(bev, s, sizeof(s))    == -1 ||
202 	    bufferevent_write(bev, name, namlen)    == -1 ||
203 	    bufferevent_write(bev, value, vallen)   == -1 ||
204 	    bufferevent_write(bev, padding, padlen) == -1)
205 		return -1;
206 
207 	return 0;
208 }
209 
210 static int
211 fcgi_end_param(struct bufferevent *bev, int id)
212 {
213 	struct fcgi_header h;
214 
215 	prepare_header(&h, FCGI_PARAMS, id, 0, 0);
216 	if (bufferevent_write(bev, &h, sizeof(h)) == -1)
217 		return -1;
218 
219 	prepare_header(&h, FCGI_STDIN, id, 0, 0);
220 	if (bufferevent_write(bev, &h, sizeof(h)) == -1)
221 		return -1;
222 
223 	return 0;
224 }
225 
226 void
227 fcgi_abort_request(struct client *c)
228 {
229 	struct fcgi *f;
230 	struct fcgi_header h;
231 
232 	f = &fcgi[c->fcgi];
233 
234 	prepare_header(&h, FCGI_ABORT_REQUEST, c->id, 0, 0);
235 
236 	if (bufferevent_write(f->bev, &h, sizeof(h)) == -1)
237 		fcgi_close_backend(f);
238 }
239 
240 static inline int
241 recid(struct fcgi_header *h)
242 {
243 	return h->req_id0 + (h->req_id1 << 8) - 1;
244 }
245 
246 static inline int
247 reclen(struct fcgi_header *h)
248 {
249 	return h->content_len0 + (h->content_len1 << 8);
250 }
251 
252 void
253 fcgi_close_backend(struct fcgi *f)
254 {
255 	bufferevent_free(f->bev);
256 	f->bev = NULL;
257 	close(fcgi->fd);
258 	fcgi->fd = -1;
259 	fcgi->pending = 0;
260 	fcgi->s = FCGI_OFF;
261 }
262 
263 void
264 fcgi_read(struct bufferevent *bev, void *d)
265 {
266 	struct fcgi		*fcgi = d;
267 	struct evbuffer		*src = EVBUFFER_INPUT(bev);
268 	struct fcgi_header	 hdr;
269 	struct fcgi_end_req_body end;
270 	struct client		*c;
271 	size_t			 len;
272 
273 #if DEBUG_FCGI
274 	if (debug_socket == -1) {
275 		struct sockaddr_un addr;
276 
277 		if ((debug_socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
278 			err(1, "socket");
279 
280 		memset(&addr, 0, sizeof(addr));
281 		addr.sun_family = AF_UNIX;
282 		strlcpy(addr.sun_path, "./debug.sock", sizeof(addr.sun_path));
283 		if (connect(debug_socket, (struct sockaddr*)&addr, sizeof(addr))
284 		    == -1)
285 			err(1, "connect");
286 	}
287 #endif
288 
289 	for (;;) {
290 		if (EVBUFFER_LENGTH(src) < sizeof(hdr))
291 			return;
292 
293 		memcpy(&hdr, EVBUFFER_DATA(src), sizeof(hdr));
294 
295 		c = try_client_by_id(recid(&hdr));
296 		if (c == NULL) {
297 			log_err(NULL,
298 			    "got invalid client id %d from fcgi backend %d",
299 			    recid(&hdr), fcgi->id);
300 			goto err;
301 		}
302 
303 		len = reclen(&hdr);
304 
305 		if (EVBUFFER_LENGTH(src) < sizeof(hdr) + len + hdr.padding)
306 			return;
307 
308 #if DEBUG_FCGI
309 		write(debug_socket, EVBUFFER_DATA(src),
310 		    sizeof(hdr) + len + hdr.padding);
311 #endif
312 
313 		evbuffer_drain(src, sizeof(hdr));
314 
315 		switch (hdr.type) {
316 		case FCGI_END_REQUEST:
317 			if (len != sizeof(end)) {
318 				log_err(NULL,
319 				    "got invalid end request record size");
320 				goto err;
321 			}
322 			bufferevent_read(bev, &end, sizeof(end));
323 
324 			/* TODO: do something with the status? */
325 			fcgi->pending--;
326 			c->fcgi = -1;
327 			c->type = REQUEST_DONE;
328 			client_write(c->bev, c);
329 			break;
330 
331 		case FCGI_STDERR:
332 			/* discard stderr (for now) */
333 			evbuffer_drain(src, len);
334 			break;
335 
336 		case FCGI_STDOUT:
337 			bufferevent_write(c->bev, EVBUFFER_DATA(src), len);
338 			evbuffer_drain(src, len);
339 			break;
340 
341 		default:
342 			log_err(NULL, "got invalid fcgi record (type=%d)",
343 			    hdr.type);
344 			goto err;
345 		}
346 
347 		evbuffer_drain(src, hdr.padding);
348 
349 		if (fcgi->pending == 0 && shutting_down) {
350 			fcgi_error(bev, EVBUFFER_EOF, fcgi);
351 			return;
352 		}
353 	}
354 
355 err:
356 	fcgi_error(bev, EVBUFFER_ERROR, fcgi);
357 }
358 
359 void
360 fcgi_write(struct bufferevent *bev, void *d)
361 {
362 	/*
363 	 * There's no much use for the write callback.
364 	 */
365 	return;
366 }
367 
368 void
369 fcgi_error(struct bufferevent *bev, short err, void *d)
370 {
371 	struct fcgi	*fcgi = d;
372 	struct client	*c;
373 	size_t		 i;
374 
375 	if (!(err & (EVBUFFER_ERROR|EVBUFFER_EOF)))
376 		log_warn(NULL, "unknown event error (%x): %s",
377 		    err, strerror(errno));
378 
379 	for (i = 0; i < MAX_USERS; ++i) {
380 		c = &clients[i];
381 
382 		if (c->fcgi != fcgi->id)
383 			continue;
384 
385 		if (c->code != 0)
386 			client_close(c);
387 		else
388 			start_reply(c, CGI_ERROR, "CGI error");
389 	}
390 
391 	fcgi_close_backend(fcgi);
392 }
393 
394 void
395 fcgi_req(struct fcgi *f, struct client *c)
396 {
397 	char		 addr[NI_MAXHOST], buf[22];
398 	int		 e;
399 	time_t		 tim;
400 	struct tm	 tminfo;
401 	struct envlist	*p;
402 
403 	f->pending++;
404 
405 	e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
406 	    addr, sizeof(addr),
407 	    NULL, 0,
408 	    NI_NUMERICHOST);
409 	if (e != 0)
410 		fatal("getnameinfo failed: %s (%s)",
411 		    gai_strerror(e), strerror(errno));
412 
413 	fcgi_begin_request(f->bev, c->id);
414 	fcgi_send_param(f->bev, c->id, "GATEWAY_INTERFACE", "CGI/1.1");
415 	fcgi_send_param(f->bev, c->id, "GEMINI_URL_PATH", c->iri.path);
416 	fcgi_send_param(f->bev, c->id, "QUERY_STRING", c->iri.query);
417 	fcgi_send_param(f->bev, c->id, "REMOTE_ADDR", addr);
418 	fcgi_send_param(f->bev, c->id, "REMOTE_HOST", addr);
419 	fcgi_send_param(f->bev, c->id, "REQUEST_METHOD", "");
420 	fcgi_send_param(f->bev, c->id, "SERVER_NAME", c->iri.host);
421 	fcgi_send_param(f->bev, c->id, "SERVER_PROTOCOL", "GEMINI");
422 	fcgi_send_param(f->bev, c->id, "SERVER_SOFTWARE", GMID_VERSION);
423 
424 	if (tls_peer_cert_provided(c->ctx)) {
425 		fcgi_send_param(f->bev, c->id, "AUTH_TYPE", "CERTIFICATE");
426 		fcgi_send_param(f->bev, c->id, "REMOTE_USER",
427 		    tls_peer_cert_subject(c->ctx));
428 		fcgi_send_param(f->bev, c->id, "TLS_CLIENT_ISSUER",
429 		    tls_peer_cert_issuer(c->ctx));
430 		fcgi_send_param(f->bev, c->id, "TLS_CLIENT_HASH",
431 		    tls_peer_cert_hash(c->ctx));
432 		fcgi_send_param(f->bev, c->id, "TLS_VERSION",
433 		    tls_conn_version(c->ctx));
434 		fcgi_send_param(f->bev, c->id, "TLS_CIPHER",
435 		    tls_conn_cipher(c->ctx));
436 
437 		snprintf(buf, sizeof(buf), "%d",
438 		    tls_conn_cipher_strength(c->ctx));
439 		fcgi_send_param(f->bev, c->id, "TLS_CIPHER_STRENGTH", buf);
440 
441 		tim = tls_peer_cert_notbefore(c->ctx);
442 		strftime(buf, sizeof(buf), "%FT%TZ",
443 		    gmtime_r(&tim, &tminfo));
444 		fcgi_send_param(f->bev, c->id, "TLS_CLIENT_NOT_BEFORE", buf);
445 
446 		tim = tls_peer_cert_notafter(c->ctx);
447 		strftime(buf, sizeof(buf), "%FT%TZ",
448 		    gmtime_r(&tim, &tminfo));
449 		fcgi_send_param(f->bev, c->id, "TLS_CLIENT_NOT_AFTER", buf);
450 
451 		TAILQ_FOREACH(p, &c->host->params, envs) {
452 			fcgi_send_param(f->bev, c->id, p->name, p->value);
453 		}
454 	} else
455 		fcgi_send_param(f->bev, c->id, "AUTH_TYPE", "");
456 
457 	if (fcgi_end_param(f->bev, c->id) == -1)
458 		fcgi_error(f->bev, EVBUFFER_ERROR, f);
459 }