handle_form.inl 31 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270
370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082
  /* Copyright (c) 2016-2021 the Civetweb developers
   *
   * Permission is hereby granted, free of charge, to any person obtaining a copy
   * of this software and associated documentation files (the "Software"), to deal
   * in the Software without restriction, including without limitation the rights
   * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
   * copies of the Software, and to permit persons to whom the Software is
   * furnished to do so, subject to the following conditions:
   *
   * The above copyright notice and this permission notice shall be included in
   * all copies or substantial portions of the Software.
   *
   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   * THE SOFTWARE.
   */
  21. static int
  22. url_encoded_field_found(const struct mg_connection *conn,
  23. const char *key,
  24. size_t key_len,
  25. const char *filename,
  26. size_t filename_len,
  27. char *path,
  28. size_t path_len,
  29. struct mg_form_data_handler *fdh)
  30. {
  31. char key_dec[1024];
  32. char filename_dec[1024];
  33. int key_dec_len;
  34. int filename_dec_len;
  35. int ret;
  36. key_dec_len =
  37. mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
  38. if (((size_t)key_dec_len >= (size_t)sizeof(key_dec)) || (key_dec_len < 0)) {
  39. return MG_FORM_FIELD_STORAGE_SKIP;
  40. }
  41. if (filename) {
  42. filename_dec_len = mg_url_decode(filename,
  43. (int)filename_len,
  44. filename_dec,
  45. (int)sizeof(filename_dec),
  46. 1);
  47. if (((size_t)filename_dec_len >= (size_t)sizeof(filename_dec))
  48. || (filename_dec_len < 0)) {
  49. /* Log error message and skip this field. */
  50. mg_cry_internal(conn, "%s: Cannot decode filename", __func__);
  51. return MG_FORM_FIELD_STORAGE_SKIP;
  52. }
  53. remove_dot_segments(filename_dec);
  54. } else {
  55. filename_dec[0] = 0;
  56. }
  57. ret =
  58. fdh->field_found(key_dec, filename_dec, path, path_len, fdh->user_data);
  59. if ((ret & 0xF) == MG_FORM_FIELD_STORAGE_GET) {
  60. if (fdh->field_get == NULL) {
  61. mg_cry_internal(conn,
  62. "%s: Function \"Get\" not available",
  63. __func__);
  64. return MG_FORM_FIELD_STORAGE_SKIP;
  65. }
  66. }
  67. if ((ret & 0xF) == MG_FORM_FIELD_STORAGE_STORE) {
  68. if (fdh->field_store == NULL) {
  69. mg_cry_internal(conn,
  70. "%s: Function \"Store\" not available",
  71. __func__);
  72. return MG_FORM_FIELD_STORAGE_SKIP;
  73. }
  74. }
  75. return ret;
  76. }
  77. static int
  78. url_encoded_field_get(
  79. const struct mg_connection *conn,
  80. const char *key,
  81. size_t key_len,
  82. const char *value,
  83. size_t *value_len, /* IN: number of bytes available in "value", OUT: number
  84. of bytes processed */
  85. struct mg_form_data_handler *fdh)
  86. {
  87. char key_dec[1024];
  88. char *value_dec = (char *)mg_malloc_ctx(*value_len + 1, conn->phys_ctx);
  89. int value_dec_len, ret;
  90. if (!value_dec) {
  91. /* Log error message and stop parsing the form data. */
  92. mg_cry_internal(conn,
  93. "%s: Not enough memory (required: %lu)",
  94. __func__,
  95. (unsigned long)(*value_len + 1));
  96. return MG_FORM_FIELD_STORAGE_ABORT;
  97. }
  98. mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
  99. if (*value_len >= 2 && value[*value_len - 2] == '%')
  100. *value_len -= 2;
  101. else if (*value_len >= 1 && value[*value_len - 1] == '%')
  102. (*value_len)--;
  103. value_dec_len = mg_url_decode(
  104. value, (int)*value_len, value_dec, ((int)*value_len) + 1, 1);
  105. ret = fdh->field_get(key_dec,
  106. value_dec,
  107. (size_t)value_dec_len,
  108. fdh->user_data);
  109. mg_free(value_dec);
  110. return ret;
  111. }
  112. static int
  113. unencoded_field_get(const struct mg_connection *conn,
  114. const char *key,
  115. size_t key_len,
  116. const char *value,
  117. size_t value_len,
  118. struct mg_form_data_handler *fdh)
  119. {
  120. char key_dec[1024];
  121. (void)conn;
  122. mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
  123. return fdh->field_get(key_dec, value, value_len, fdh->user_data);
  124. }
  125. static int
  126. field_stored(const struct mg_connection *conn,
  127. const char *path,
  128. long long file_size,
  129. struct mg_form_data_handler *fdh)
  130. {
  131. /* Equivalent to "upload" callback of "mg_upload". */
  132. (void)conn; /* we do not need mg_cry here, so conn is currently unused */
  133. return fdh->field_store(path, file_size, fdh->user_data);
  134. }
  /* Find the first multipart delimiter "\r\n--<boundary>" in a buffer.
   *
   * This is a byte-wise search (memcmp), not a string search, since the
   * buffer may contain '\x00' bytes if binary data is transferred.
   *
   * Parameters:
   *   buf           data to search
   *   buf_len       number of valid bytes in "buf"
   *   boundary      boundary string (without the leading "\r\n--")
   *   boundary_len  number of bytes in "boundary"
   *
   * Returns a pointer to the '\r' starting the delimiter, or NULL if the
   * complete delimiter is not contained in the first buf_len bytes.
   *
   * All offsets are computed as size_t: converting the lengths to int
   * would truncate or overflow for very large buffers. */
  static const char *
  search_boundary(const char *buf,
                  size_t buf_len,
                  const char *boundary,
                  size_t boundary_len)
  {
      static const char prefix[] = "\r\n--";
      const size_t prefix_len = sizeof(prefix) - 1;
      size_t last_start;
      size_t i;

      /* The buffer must be able to hold prefix and boundary at least once.
       * Written as two comparisons, so no sum or difference can wrap. */
      if ((buf_len < prefix_len) || ((buf_len - prefix_len) < boundary_len)) {
          return NULL;
      }

      /* Last offset at which a complete delimiter still fits. */
      last_start = buf_len - prefix_len - boundary_len;

      for (i = 0; i <= last_start; i++) {
          if ((memcmp(buf + i, prefix, prefix_len) == 0)
              && (memcmp(buf + i + prefix_len, boundary, boundary_len)
                  == 0)) {
              return buf + i;
          }
      }

      return NULL;
  }
  154. int
  155. mg_handle_form_request(struct mg_connection *conn,
  156. struct mg_form_data_handler *fdh)
  157. {
  158. const char *content_type;
  159. char path[512];
  160. char buf[MG_BUF_LEN]; /* Must not be smaller than ~900 */
  161. int field_storage;
  162. int buf_fill = 0;
  163. int r;
  164. int field_count = 0;
  165. struct mg_file fstore = STRUCT_FILE_INITIALIZER;
  166. int64_t file_size = 0; /* init here, to a avoid a false positive
  167. "uninitialized variable used" warning */
  168. int has_body_data =
  169. (conn->request_info.content_length > 0) || (conn->is_chunked);
  170. /* Unused without filesystems */
  171. (void)fstore;
  172. (void)file_size;
  173. /* There are three ways to encode data from a HTML form:
  174. * 1) method: GET (default)
  175. * The form data is in the HTTP query string.
  176. * 2) method: POST, enctype: "application/x-www-form-urlencoded"
  177. * The form data is in the request body.
  178. * The body is url encoded (the default encoding for POST).
  179. * 3) method: POST, enctype: "multipart/form-data".
  180. * The form data is in the request body of a multipart message.
  181. * This is the typical way to handle file upload from a form.
  182. */
  183. if (!has_body_data) {
  184. const char *data;
  185. if (0 != strcmp(conn->request_info.request_method, "GET")) {
  186. /* No body data, but not a GET request.
  187. * This is not a valid form request. */
  188. return -1;
  189. }
  190. /* GET request: form data is in the query string. */
  191. /* The entire data has already been loaded, so there is no nead to
  192. * call mg_read. We just need to split the query string into key-value
  193. * pairs. */
  194. data = conn->request_info.query_string;
  195. if (!data) {
  196. /* No query string. */
  197. return -1;
  198. }
  199. /* Split data in a=1&b=xy&c=3&c=4 ... */
  200. while (*data) {
  201. const char *val = strchr(data, '=');
  202. const char *next;
  203. ptrdiff_t keylen, vallen;
  204. if (!val) {
  205. break;
  206. }
  207. keylen = val - data;
  208. /* In every "field_found" callback we ask what to do with the
  209. * data ("field_storage"). This could be:
  210. * MG_FORM_FIELD_STORAGE_SKIP (0):
  211. * ignore the value of this field
  212. * MG_FORM_FIELD_STORAGE_GET (1):
  213. * read the data and call the get callback function
  214. * MG_FORM_FIELD_STORAGE_STORE (2):
  215. * store the data in a file
  216. * MG_FORM_FIELD_STORAGE_READ (3):
  217. * let the user read the data (for parsing long data on the fly)
  218. * MG_FORM_FIELD_STORAGE_ABORT (flag):
  219. * stop parsing
  220. */
  221. memset(path, 0, sizeof(path));
  222. field_count++;
  223. field_storage = url_encoded_field_found(conn,
  224. data,
  225. (size_t)keylen,
  226. NULL,
  227. 0,
  228. path,
  229. sizeof(path) - 1,
  230. fdh);
  231. val++;
  232. next = strchr(val, '&');
  233. if (next) {
  234. vallen = next - val;
  235. } else {
  236. vallen = (ptrdiff_t)strlen(val);
  237. }
  238. if (field_storage == MG_FORM_FIELD_STORAGE_GET) {
  239. /* Call callback */
  240. r = url_encoded_field_get(
  241. conn, data, (size_t)keylen, val, (size_t *)&vallen, fdh);
  242. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  243. /* Stop request handling */
  244. break;
  245. }
  246. if (r == MG_FORM_FIELD_HANDLE_NEXT) {
  247. /* Skip to next field */
  248. field_storage = MG_FORM_FIELD_STORAGE_SKIP;
  249. }
  250. }
  251. if (next) {
  252. next++;
  253. } else {
  254. /* vallen may have been modified by url_encoded_field_get */
  255. next = val + vallen;
  256. }
  257. #if !defined(NO_FILESYSTEMS)
  258. if (field_storage == MG_FORM_FIELD_STORAGE_STORE) {
  259. /* Store the content to a file */
  260. if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
  261. fstore.access.fp = NULL;
  262. }
  263. file_size = 0;
  264. if (fstore.access.fp != NULL) {
  265. size_t n = (size_t)
  266. fwrite(val, 1, (size_t)vallen, fstore.access.fp);
  267. if ((n != (size_t)vallen) || (ferror(fstore.access.fp))) {
  268. mg_cry_internal(conn,
  269. "%s: Cannot write file %s",
  270. __func__,
  271. path);
  272. (void)mg_fclose(&fstore.access);
  273. remove_bad_file(conn, path);
  274. }
  275. file_size += (int64_t)n;
  276. if (fstore.access.fp) {
  277. r = mg_fclose(&fstore.access);
  278. if (r == 0) {
  279. /* stored successfully */
  280. r = field_stored(conn, path, file_size, fdh);
  281. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  282. /* Stop request handling */
  283. break;
  284. }
  285. } else {
  286. mg_cry_internal(conn,
  287. "%s: Error saving file %s",
  288. __func__,
  289. path);
  290. remove_bad_file(conn, path);
  291. }
  292. fstore.access.fp = NULL;
  293. }
  294. } else {
  295. mg_cry_internal(conn,
  296. "%s: Cannot create file %s",
  297. __func__,
  298. path);
  299. }
  300. }
  301. #endif /* NO_FILESYSTEMS */
  302. /* if (field_storage == MG_FORM_FIELD_STORAGE_READ) { */
  303. /* The idea of "field_storage=read" is to let the API user read
  304. * data chunk by chunk and to some data processing on the fly.
  305. * This should avoid the need to store data in the server:
  306. * It should neither be stored in memory, like
  307. * "field_storage=get" does, nor in a file like
  308. * "field_storage=store".
  309. * However, for a "GET" request this does not make any much
  310. * sense, since the data is already stored in memory, as it is
  311. * part of the query string.
  312. */
  313. /* } */
  314. if ((field_storage & MG_FORM_FIELD_STORAGE_ABORT)
  315. == MG_FORM_FIELD_STORAGE_ABORT) {
  316. /* Stop parsing the request */
  317. break;
  318. }
  319. /* Proceed to next entry */
  320. data = next;
  321. }
  322. return field_count;
  323. }
  324. content_type = mg_get_header(conn, "Content-Type");
  325. if (!content_type
  326. || !mg_strncasecmp(content_type,
  327. "APPLICATION/X-WWW-FORM-URLENCODED",
  328. 33)
  329. || !mg_strncasecmp(content_type,
  330. "APPLICATION/WWW-FORM-URLENCODED",
  331. 31)) {
  332. /* The form data is in the request body data, encoded in key/value
  333. * pairs. */
  334. int all_data_read = 0;
  335. /* Read body data and split it in keys and values.
  336. * The encoding is like in the "GET" case above: a=1&b&c=3&c=4.
  337. * Here we use "POST", and read the data from the request body.
  338. * The data read on the fly, so it is not required to buffer the
  339. * entire request in memory before processing it. */
  340. for (;;) {
  341. const char *val;
  342. const char *next;
  343. ptrdiff_t keylen, vallen;
  344. ptrdiff_t used;
  345. int end_of_key_value_pair_found = 0;
  346. int get_block;
  347. if ((size_t)buf_fill < (sizeof(buf) - 1)) {
  348. size_t to_read = sizeof(buf) - 1 - (size_t)buf_fill;
  349. r = mg_read(conn, buf + (size_t)buf_fill, to_read);
  350. if ((r < 0) || ((r == 0) && all_data_read)) {
  351. /* read error */
  352. return -1;
  353. }
  354. if (r == 0) {
  355. /* TODO: Create a function to get "all_data_read" from
  356. * the conn object. All data is read if the Content-Length
  357. * has been reached, or if chunked encoding is used and
  358. * the end marker has been read, or if the connection has
  359. * been closed. */
  360. all_data_read = (buf_fill == 0);
  361. }
  362. buf_fill += r;
  363. buf[buf_fill] = 0;
  364. if (buf_fill < 1) {
  365. break;
  366. }
  367. }
  368. val = strchr(buf, '=');
  369. if (!val) {
  370. break;
  371. }
  372. keylen = val - buf;
  373. val++;
  374. /* Call callback */
  375. memset(path, 0, sizeof(path));
  376. field_count++;
  377. field_storage = url_encoded_field_found(conn,
  378. buf,
  379. (size_t)keylen,
  380. NULL,
  381. 0,
  382. path,
  383. sizeof(path) - 1,
  384. fdh);
  385. if ((field_storage & MG_FORM_FIELD_STORAGE_ABORT)
  386. == MG_FORM_FIELD_STORAGE_ABORT) {
  387. /* Stop parsing the request */
  388. break;
  389. }
  390. #if !defined(NO_FILESYSTEMS)
  391. if (field_storage == MG_FORM_FIELD_STORAGE_STORE) {
  392. if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
  393. fstore.access.fp = NULL;
  394. }
  395. file_size = 0;
  396. if (!fstore.access.fp) {
  397. mg_cry_internal(conn,
  398. "%s: Cannot create file %s",
  399. __func__,
  400. path);
  401. }
  402. }
  403. #endif /* NO_FILESYSTEMS */
  404. get_block = 0;
  405. /* Loop to read values larger than sizeof(buf)-keylen-2 */
  406. do {
  407. next = strchr(val, '&');
  408. if (next) {
  409. vallen = next - val;
  410. end_of_key_value_pair_found = 1;
  411. } else {
  412. vallen = (ptrdiff_t)strlen(val);
  413. end_of_key_value_pair_found = all_data_read;
  414. }
  415. if (field_storage == MG_FORM_FIELD_STORAGE_GET) {
  416. #if 0
  417. if (!end_of_key_value_pair_found && !all_data_read) {
  418. /* This callback will deliver partial contents */
  419. }
  420. #endif
  421. /* Call callback */
  422. r = url_encoded_field_get(conn,
  423. ((get_block > 0) ? NULL : buf),
  424. ((get_block > 0)
  425. ? 0
  426. : (size_t)keylen),
  427. val,
  428. (size_t *)&vallen,
  429. fdh);
  430. get_block++;
  431. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  432. /* Stop request handling */
  433. break;
  434. }
  435. if (r == MG_FORM_FIELD_HANDLE_NEXT) {
  436. /* Skip to next field */
  437. field_storage = MG_FORM_FIELD_STORAGE_SKIP;
  438. }
  439. }
  440. if (next) {
  441. next++;
  442. } else {
  443. /* vallen may have been modified by url_encoded_field_get */
  444. next = val + vallen;
  445. }
  446. #if !defined(NO_FILESYSTEMS)
  447. if (fstore.access.fp) {
  448. size_t n = (size_t)
  449. fwrite(val, 1, (size_t)vallen, fstore.access.fp);
  450. if ((n != (size_t)vallen) || (ferror(fstore.access.fp))) {
  451. mg_cry_internal(conn,
  452. "%s: Cannot write file %s",
  453. __func__,
  454. path);
  455. mg_fclose(&fstore.access);
  456. remove_bad_file(conn, path);
  457. }
  458. file_size += (int64_t)n;
  459. }
  460. #endif /* NO_FILESYSTEMS */
  461. if (!end_of_key_value_pair_found) {
  462. used = next - buf;
  463. memmove(buf,
  464. buf + (size_t)used,
  465. sizeof(buf) - (size_t)used);
  466. next = buf;
  467. buf_fill -= (int)used;
  468. if ((size_t)buf_fill < (sizeof(buf) - 1)) {
  469. size_t to_read = sizeof(buf) - 1 - (size_t)buf_fill;
  470. r = mg_read(conn, buf + (size_t)buf_fill, to_read);
  471. if ((r < 0) || ((r == 0) && all_data_read)) {
  472. #if !defined(NO_FILESYSTEMS)
  473. /* read error */
  474. if (fstore.access.fp) {
  475. mg_fclose(&fstore.access);
  476. remove_bad_file(conn, path);
  477. }
  478. return -1;
  479. #endif /* NO_FILESYSTEMS */
  480. }
  481. if (r == 0) {
  482. /* TODO: Create a function to get "all_data_read"
  483. * from the conn object. All data is read if the
  484. * Content-Length has been reached, or if chunked
  485. * encoding is used and the end marker has been
  486. * read, or if the connection has been closed. */
  487. all_data_read = (buf_fill == 0);
  488. }
  489. buf_fill += r;
  490. buf[buf_fill] = 0;
  491. if (buf_fill < 1) {
  492. break;
  493. }
  494. val = buf;
  495. }
  496. }
  497. } while (!end_of_key_value_pair_found);
  498. #if !defined(NO_FILESYSTEMS)
  499. if (fstore.access.fp) {
  500. r = mg_fclose(&fstore.access);
  501. if (r == 0) {
  502. /* stored successfully */
  503. r = field_stored(conn, path, file_size, fdh);
  504. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  505. /* Stop request handling */
  506. break;
  507. }
  508. } else {
  509. mg_cry_internal(conn,
  510. "%s: Error saving file %s",
  511. __func__,
  512. path);
  513. remove_bad_file(conn, path);
  514. }
  515. fstore.access.fp = NULL;
  516. }
  517. #endif /* NO_FILESYSTEMS */
  518. if (all_data_read && (buf_fill == 0)) {
  519. /* nothing more to process */
  520. break;
  521. }
  522. /* Proceed to next entry */
  523. used = next - buf;
  524. memmove(buf, buf + (size_t)used, sizeof(buf) - (size_t)used);
  525. buf_fill -= (int)used;
  526. }
  527. return field_count;
  528. }
  529. if (!mg_strncasecmp(content_type, "MULTIPART/FORM-DATA;", 20)) {
  530. /* The form data is in the request body data, encoded as multipart
  531. * content (see https://www.ietf.org/rfc/rfc1867.txt,
  532. * https://www.ietf.org/rfc/rfc2388.txt). */
  533. char *boundary;
  534. size_t bl;
  535. ptrdiff_t used;
  536. struct mg_request_info part_header;
  537. char *hbuf;
  538. const char *content_disp, *hend, *fbeg, *fend, *nbeg, *nend;
  539. const char *next;
  540. unsigned part_no;
  541. int all_data_read = 0;
  542. memset(&part_header, 0, sizeof(part_header));
  543. /* Skip all spaces between MULTIPART/FORM-DATA; and BOUNDARY= */
  544. bl = 20;
  545. while (content_type[bl] == ' ') {
  546. bl++;
  547. }
  548. /* There has to be a BOUNDARY definition in the Content-Type header */
  549. if (mg_strncasecmp(content_type + bl, "BOUNDARY=", 9)) {
  550. /* Malformed request */
  551. return -1;
  552. }
  553. /* Copy boundary string to variable "boundary" */
  554. fbeg = content_type + bl + 9;
  555. bl = strlen(fbeg);
  556. boundary = (char *)mg_malloc(bl + 1);
  557. if (!boundary) {
  558. /* Out of memory */
  559. mg_cry_internal(conn,
  560. "%s: Cannot allocate memory for boundary [%lu]",
  561. __func__,
  562. (unsigned long)bl);
  563. return -1;
  564. }
  565. memcpy(boundary, fbeg, bl);
  566. boundary[bl] = 0;
  567. /* RFC 2046 permits the boundary string to be quoted. */
  568. /* If the boundary is quoted, trim the quotes */
  569. if (boundary[0] == '"') {
  570. hbuf = strchr(boundary + 1, '"');
  571. if ((!hbuf) || (*hbuf != '"')) {
  572. /* Malformed request */
  573. mg_free(boundary);
  574. return -1;
  575. }
  576. *hbuf = 0;
  577. memmove(boundary, boundary + 1, bl);
  578. bl = strlen(boundary);
  579. }
  580. /* Do some sanity checks for boundary lengths */
  581. if (bl > 70) {
  582. /* From RFC 2046:
  583. * Boundary delimiters must not appear within the
  584. * encapsulated material, and must be no longer
  585. * than 70 characters, not counting the two
  586. * leading hyphens.
  587. */
  588. /* The algorithm can not work if bl >= sizeof(buf), or if buf
  589. * can not hold the multipart header plus the boundary.
  590. * Requests with long boundaries are not RFC compliant, maybe they
  591. * are intended attacks to interfere with this algorithm. */
  592. mg_free(boundary);
  593. return -1;
  594. }
  595. if (bl < 4) {
  596. /* Sanity check: A boundary string of less than 4 bytes makes
  597. * no sense either. */
  598. mg_free(boundary);
  599. return -1;
  600. }
  601. for (part_no = 0;; part_no++) {
  602. size_t towrite, fnlen, n;
  603. int get_block;
  604. size_t to_read = sizeof(buf) - 1 - (size_t)buf_fill;
  605. /* Unused without filesystems */
  606. (void)n;
  607. r = mg_read(conn, buf + (size_t)buf_fill, to_read);
  608. if ((r < 0) || ((r == 0) && all_data_read)) {
  609. /* read error */
  610. mg_free(boundary);
  611. return -1;
  612. }
  613. if (r == 0) {
  614. all_data_read = (buf_fill == 0);
  615. }
  616. buf_fill += r;
  617. buf[buf_fill] = 0;
  618. if (buf_fill < 1) {
  619. /* No data */
  620. mg_free(boundary);
  621. return -1;
  622. }
  623. if (part_no == 0) {
  624. int d = 0;
  625. while ((d < buf_fill) && (buf[d] != '-')) {
  626. d++;
  627. }
  628. if ((d > 0) && (buf[d] == '-')) {
  629. memmove(buf, buf + d, (unsigned)buf_fill - (unsigned)d);
  630. buf_fill -= d;
  631. buf[buf_fill] = 0;
  632. }
  633. }
  634. if (buf[0] != '-' || buf[1] != '-') {
  635. /* Malformed request */
  636. mg_free(boundary);
  637. return -1;
  638. }
  639. if (0 != strncmp(buf + 2, boundary, bl)) {
  640. /* Malformed request */
  641. mg_free(boundary);
  642. return -1;
  643. }
  644. if (buf[bl + 2] != '\r' || buf[bl + 3] != '\n') {
  645. /* Every part must end with \r\n, if there is another part.
  646. * The end of the request has an extra -- */
  647. if (((size_t)buf_fill != (size_t)(bl + 6))
  648. || (strncmp(buf + bl + 2, "--\r\n", 4))) {
  649. /* Malformed request */
  650. mg_free(boundary);
  651. return -1;
  652. }
  653. /* End of the request */
  654. break;
  655. }
  656. /* Next, we need to get the part header: Read until \r\n\r\n */
  657. hbuf = buf + bl + 4;
  658. hend = strstr(hbuf, "\r\n\r\n");
  659. if (!hend) {
  660. /* Malformed request */
  661. mg_free(boundary);
  662. return -1;
  663. }
  664. part_header.num_headers =
  665. parse_http_headers(&hbuf, part_header.http_headers);
  666. if ((hend + 2) != hbuf) {
  667. /* Malformed request */
  668. mg_free(boundary);
  669. return -1;
  670. }
  671. /* Skip \r\n\r\n */
  672. hend += 4;
  673. /* According to the RFC, every part has to have a header field like:
  674. * Content-Disposition: form-data; name="..." */
  675. content_disp = get_header(part_header.http_headers,
  676. part_header.num_headers,
  677. "Content-Disposition");
  678. if (!content_disp) {
  679. /* Malformed request */
  680. mg_free(boundary);
  681. return -1;
  682. }
  683. /* Get the mandatory name="..." part of the Content-Disposition
  684. * header. */
  685. nbeg = strstr(content_disp, "name=\"");
  686. while ((nbeg != NULL) && (strcspn(nbeg - 1, ":,; \t") != 0)) {
  687. /* It could be somethingname= instead of name= */
  688. nbeg = strstr(nbeg + 1, "name=\"");
  689. }
  690. /* This line is not required, but otherwise some compilers
  691. * generate spurious warnings. */
  692. nend = nbeg;
  693. /* And others complain, the result is unused. */
  694. (void)nend;
  695. /* If name=" is found, search for the closing " */
  696. if (nbeg) {
  697. nbeg += 6;
  698. nend = strchr(nbeg, '\"');
  699. if (!nend) {
  700. /* Malformed request */
  701. mg_free(boundary);
  702. return -1;
  703. }
  704. } else {
  705. /* name= without quotes is also allowed */
  706. nbeg = strstr(content_disp, "name=");
  707. while ((nbeg != NULL) && (strcspn(nbeg - 1, ":,; \t") != 0)) {
  708. /* It could be somethingname= instead of name= */
  709. nbeg = strstr(nbeg + 1, "name=");
  710. }
  711. if (!nbeg) {
  712. /* Malformed request */
  713. mg_free(boundary);
  714. return -1;
  715. }
  716. nbeg += 5;
  717. /* RFC 2616 Sec. 2.2 defines a list of allowed
  718. * separators, but many of them make no sense
  719. * here, e.g. various brackets or slashes.
  720. * If they are used, probably someone is
  721. * trying to attack with curious hand made
  722. * requests. Only ; , space and tab seem to be
  723. * reasonable here. Ignore everything else. */
  724. nend = nbeg + strcspn(nbeg, ",; \t");
  725. }
  726. /* Get the optional filename="..." part of the Content-Disposition
  727. * header. */
  728. fbeg = strstr(content_disp, "filename=\"");
  729. while ((fbeg != NULL) && (strcspn(fbeg - 1, ":,; \t") != 0)) {
  730. /* It could be somethingfilename= instead of filename= */
  731. fbeg = strstr(fbeg + 1, "filename=\"");
  732. }
  733. /* This line is not required, but otherwise some compilers
  734. * generate spurious warnings. */
  735. fend = fbeg;
  736. /* If filename=" is found, search for the closing " */
  737. if (fbeg) {
  738. fbeg += 10;
  739. fend = strchr(fbeg, '\"');
  740. if (!fend) {
  741. /* Malformed request (the filename field is optional, but if
  742. * it exists, it needs to be terminated correctly). */
  743. mg_free(boundary);
  744. return -1;
  745. }
  746. /* TODO: check Content-Type */
  747. /* Content-Type: application/octet-stream */
  748. }
  749. if (!fbeg) {
  750. /* Try the same without quotes */
  751. fbeg = strstr(content_disp, "filename=");
  752. while ((fbeg != NULL) && (strcspn(fbeg - 1, ":,; \t") != 0)) {
  753. /* It could be somethingfilename= instead of filename= */
  754. fbeg = strstr(fbeg + 1, "filename=");
  755. }
  756. if (fbeg) {
  757. fbeg += 9;
  758. fend = fbeg + strcspn(fbeg, ",; \t");
  759. }
  760. }
  761. if (!fbeg || !fend) {
  762. fbeg = NULL;
  763. fend = NULL;
  764. fnlen = 0;
  765. } else {
  766. fnlen = (size_t)(fend - fbeg);
  767. }
  768. /* In theory, it could be possible that someone crafts
  769. * a request like name=filename=xyz. Check if name and
  770. * filename do not overlap. */
  771. if (!(((ptrdiff_t)fbeg > (ptrdiff_t)nend)
  772. || ((ptrdiff_t)nbeg > (ptrdiff_t)fend))) {
  773. mg_free(boundary);
  774. return -1;
  775. }
  776. /* Call callback for new field */
  777. memset(path, 0, sizeof(path));
  778. field_count++;
  779. field_storage = url_encoded_field_found(conn,
  780. nbeg,
  781. (size_t)(nend - nbeg),
  782. ((fnlen > 0) ? fbeg : NULL),
  783. fnlen,
  784. path,
  785. sizeof(path) - 1,
  786. fdh);
  787. /* If the boundary is already in the buffer, get the address,
  788. * otherwise next will be NULL. */
  789. next = search_boundary(hbuf,
  790. (size_t)((buf - hbuf) + buf_fill),
  791. boundary,
  792. bl);
  793. #if !defined(NO_FILESYSTEMS)
  794. if (field_storage == MG_FORM_FIELD_STORAGE_STORE) {
  795. /* Store the content to a file */
  796. if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
  797. fstore.access.fp = NULL;
  798. }
  799. file_size = 0;
  800. if (!fstore.access.fp) {
  801. mg_cry_internal(conn,
  802. "%s: Cannot create file %s",
  803. __func__,
  804. path);
  805. }
  806. }
  807. #endif /* NO_FILESYSTEMS */
  808. get_block = 0;
  809. while (!next) {
  810. /* Set "towrite" to the number of bytes available
  811. * in the buffer */
  812. towrite = (size_t)(buf - hend + buf_fill);
  813. if (towrite < bl + 4) {
  814. /* Not enough data stored. */
  815. /* Incomplete request. */
  816. mg_free(boundary);
  817. return -1;
  818. }
  819. /* Subtract the boundary length, to deal with
  820. * cases the boundary is only partially stored
  821. * in the buffer. */
  822. towrite -= bl + 4;
  823. if (field_storage == MG_FORM_FIELD_STORAGE_GET) {
  824. r = unencoded_field_get(conn,
  825. ((get_block > 0) ? NULL : nbeg),
  826. ((get_block > 0)
  827. ? 0
  828. : (size_t)(nend - nbeg)),
  829. hend,
  830. towrite,
  831. fdh);
  832. get_block++;
  833. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  834. /* Stop request handling */
  835. break;
  836. }
  837. if (r == MG_FORM_FIELD_HANDLE_NEXT) {
  838. /* Skip to next field */
  839. field_storage = MG_FORM_FIELD_STORAGE_SKIP;
  840. }
  841. }
  842. #if !defined(NO_FILESYSTEMS)
  843. if (field_storage == MG_FORM_FIELD_STORAGE_STORE) {
  844. if (fstore.access.fp) {
  845. /* Store the content of the buffer. */
  846. n = (size_t)fwrite(hend, 1, towrite, fstore.access.fp);
  847. if ((n != towrite) || (ferror(fstore.access.fp))) {
  848. mg_cry_internal(conn,
  849. "%s: Cannot write file %s",
  850. __func__,
  851. path);
  852. mg_fclose(&fstore.access);
  853. remove_bad_file(conn, path);
  854. }
  855. file_size += (int64_t)n;
  856. }
  857. }
  858. #endif /* NO_FILESYSTEMS */
  859. memmove(buf, hend + towrite, bl + 4);
  860. buf_fill = (int)(bl + 4);
  861. hend = buf;
  862. /* Read new data */
  863. to_read = sizeof(buf) - 1 - (size_t)buf_fill;
  864. r = mg_read(conn, buf + (size_t)buf_fill, to_read);
  865. if ((r < 0) || ((r == 0) && all_data_read)) {
  866. #if !defined(NO_FILESYSTEMS)
  867. /* read error */
  868. if (fstore.access.fp) {
  869. mg_fclose(&fstore.access);
  870. remove_bad_file(conn, path);
  871. }
  872. #endif /* NO_FILESYSTEMS */
  873. mg_free(boundary);
  874. return -1;
  875. }
  876. /* r==0 already handled, all_data_read is false here */
  877. buf_fill += r;
  878. buf[buf_fill] = 0;
  879. /* buf_fill is at least 8 here */
  880. /* Find boundary */
  881. next = search_boundary(buf, (size_t)buf_fill, boundary, bl);
  882. if (!next && (r == 0)) {
  883. /* incomplete request */
  884. all_data_read = 1;
  885. }
  886. }
  887. towrite = (next ? (size_t)(next - hend) : 0);
  888. if (field_storage == MG_FORM_FIELD_STORAGE_GET) {
  889. /* Call callback */
  890. r = unencoded_field_get(conn,
  891. ((get_block > 0) ? NULL : nbeg),
  892. ((get_block > 0)
  893. ? 0
  894. : (size_t)(nend - nbeg)),
  895. hend,
  896. towrite,
  897. fdh);
  898. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  899. /* Stop request handling */
  900. break;
  901. }
  902. if (r == MG_FORM_FIELD_HANDLE_NEXT) {
  903. /* Skip to next field */
  904. field_storage = MG_FORM_FIELD_STORAGE_SKIP;
  905. }
  906. }
  907. #if !defined(NO_FILESYSTEMS)
  908. if (field_storage == MG_FORM_FIELD_STORAGE_STORE) {
  909. if (fstore.access.fp) {
  910. n = (size_t)fwrite(hend, 1, towrite, fstore.access.fp);
  911. if ((n != towrite) || (ferror(fstore.access.fp))) {
  912. mg_cry_internal(conn,
  913. "%s: Cannot write file %s",
  914. __func__,
  915. path);
  916. mg_fclose(&fstore.access);
  917. remove_bad_file(conn, path);
  918. } else {
  919. file_size += (int64_t)n;
  920. r = mg_fclose(&fstore.access);
  921. if (r == 0) {
  922. /* stored successfully */
  923. r = field_stored(conn, path, file_size, fdh);
  924. if (r == MG_FORM_FIELD_HANDLE_ABORT) {
  925. /* Stop request handling */
  926. break;
  927. }
  928. } else {
  929. mg_cry_internal(conn,
  930. "%s: Error saving file %s",
  931. __func__,
  932. path);
  933. remove_bad_file(conn, path);
  934. }
  935. }
  936. fstore.access.fp = NULL;
  937. }
  938. }
  939. #endif /* NO_FILESYSTEMS */
  940. if ((field_storage & MG_FORM_FIELD_STORAGE_ABORT)
  941. == MG_FORM_FIELD_STORAGE_ABORT) {
  942. /* Stop parsing the request */
  943. break;
  944. }
  945. /* Remove from the buffer */
  946. if (next) {
  947. used = next - buf + 2;
  948. memmove(buf, buf + (size_t)used, sizeof(buf) - (size_t)used);
  949. buf_fill -= (int)used;
  950. } else {
  951. buf_fill = 0;
  952. }
  953. }
  954. /* All parts handled */
  955. mg_free(boundary);
  956. return field_count;
  957. }
  958. /* Unknown Content-Type */
  959. return -1;
  960. }
  961. /* End of handle_form.inl */