| /* |
| * libwebsockets - small server side websockets and web server implementation |
| * |
| * Copyright (C) 2010-2013 Andy Green <andy@warmcat.com> |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation: |
| * version 2.1 of the License. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
| * MA 02110-1301 USA |
| */ |
| |
| #include "private-libwebsockets.h" |
| |
| unsigned char lextable[] = { |
| #include "lextable.h" |
| }; |
| |
| int lextable_decode(int pos, char c) |
| { |
| while (pos >= 0) { |
| if (lextable[pos + 1] == 0) /* terminal marker */ |
| return pos; |
| |
| /* case insensitive - RFC2616 */ |
| if ((lextable[pos] & 0x7f) == tolower(c)) |
| return pos + (lextable[pos + 1] << 1); |
| |
| if (lextable[pos] & 0x80) |
| return -1; |
| |
| pos += 2; |
| } |
| return pos; |
| } |
| |
| int lws_allocate_header_table(struct libwebsocket *wsi) |
| { |
| wsi->u.hdr.ah = malloc(sizeof(*wsi->u.hdr.ah)); |
| if (wsi->u.hdr.ah == NULL) { |
| lwsl_err("Out of memory\n"); |
| return -1; |
| } |
| memset(wsi->u.hdr.ah->frag_index, 0, sizeof(wsi->u.hdr.ah->frag_index)); |
| wsi->u.hdr.ah->next_frag_index = 0; |
| wsi->u.hdr.ah->pos = 0; |
| |
| return 0; |
| } |
| |
| LWS_VISIBLE int lws_hdr_total_length(struct libwebsocket *wsi, enum lws_token_indexes h) |
| { |
| int n; |
| int len = 0; |
| |
| n = wsi->u.hdr.ah->frag_index[h]; |
| if (n == 0) |
| return 0; |
| |
| do { |
| len += wsi->u.hdr.ah->frags[n].len; |
| n = wsi->u.hdr.ah->frags[n].next_frag_index; |
| } while (n); |
| |
| return len; |
| } |
| |
| LWS_VISIBLE int lws_hdr_copy(struct libwebsocket *wsi, char *dest, int len, |
| enum lws_token_indexes h) |
| { |
| int toklen = lws_hdr_total_length(wsi, h); |
| int n; |
| |
| if (toklen >= len) |
| return -1; |
| |
| n = wsi->u.hdr.ah->frag_index[h]; |
| if (n == 0) |
| return 0; |
| |
| do { |
| strcpy(dest, |
| &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]); |
| dest += wsi->u.hdr.ah->frags[n].len; |
| n = wsi->u.hdr.ah->frags[n].next_frag_index; |
| } while (n); |
| |
| return toklen; |
| } |
| |
| char *lws_hdr_simple_ptr(struct libwebsocket *wsi, enum lws_token_indexes h) |
| { |
| int n; |
| |
| n = wsi->u.hdr.ah->frag_index[h]; |
| if (!n) |
| return NULL; |
| |
| return &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]; |
| } |
| |
| int lws_hdr_simple_create(struct libwebsocket *wsi, |
| enum lws_token_indexes h, const char *s) |
| { |
| wsi->u.hdr.ah->next_frag_index++; |
| if (wsi->u.hdr.ah->next_frag_index == |
| sizeof(wsi->u.hdr.ah->frags) / sizeof(wsi->u.hdr.ah->frags[0])) { |
| lwsl_warn("More hdr frags than we can deal with, dropping\n"); |
| return -1; |
| } |
| |
| wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->next_frag_index; |
| |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].offset = |
| wsi->u.hdr.ah->pos; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len = 0; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].next_frag_index = |
| 0; |
| |
| do { |
| if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { |
| lwsl_err("Ran out of header data space\n"); |
| return -1; |
| } |
| wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s; |
| if (*s) |
| wsi->u.hdr.ah->frags[ |
| wsi->u.hdr.ah->next_frag_index].len++; |
| } while (*s++); |
| |
| return 0; |
| } |
| |
| static char char_to_hex(const char c) |
| { |
| if (c >= '0' && c <= '9') |
| return c - '0'; |
| |
| if (c >= 'a' && c <= 'f') |
| return c - 'a' + 10; |
| |
| if (c >= 'A' && c <= 'F') |
| return c - 'A' + 10; |
| |
| return -1; |
| } |
| |
| static int issue_char(struct libwebsocket *wsi, unsigned char c) |
| { |
| if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { |
| lwsl_warn("excessive header content\n"); |
| return -1; |
| } |
| wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c; |
| if (c) |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len++; |
| |
| return 0; |
| } |
| |
| int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c) |
| { |
| int n; |
| |
| switch (wsi->u.hdr.parser_state) { |
| case WSI_TOKEN_GET_URI: |
| case WSI_TOKEN_POST_URI: |
| case WSI_TOKEN_HOST: |
| case WSI_TOKEN_CONNECTION: |
| case WSI_TOKEN_KEY1: |
| case WSI_TOKEN_KEY2: |
| case WSI_TOKEN_PROTOCOL: |
| case WSI_TOKEN_UPGRADE: |
| case WSI_TOKEN_ORIGIN: |
| case WSI_TOKEN_SWORIGIN: |
| case WSI_TOKEN_DRAFT: |
| case WSI_TOKEN_CHALLENGE: |
| case WSI_TOKEN_KEY: |
| case WSI_TOKEN_VERSION: |
| case WSI_TOKEN_ACCEPT: |
| case WSI_TOKEN_NONCE: |
| case WSI_TOKEN_EXTENSIONS: |
| case WSI_TOKEN_HTTP: |
| case WSI_TOKEN_HTTP_ACCEPT: |
| case WSI_TOKEN_HTTP_IF_MODIFIED_SINCE: |
| case WSI_TOKEN_HTTP_ACCEPT_ENCODING: |
| case WSI_TOKEN_HTTP_ACCEPT_LANGUAGE: |
| case WSI_TOKEN_HTTP_PRAGMA: |
| case WSI_TOKEN_HTTP_CACHE_CONTROL: |
| case WSI_TOKEN_HTTP_AUTHORIZATION: |
| case WSI_TOKEN_HTTP_COOKIE: |
| case WSI_TOKEN_HTTP_CONTENT_LENGTH: |
| case WSI_TOKEN_HTTP_CONTENT_TYPE: |
| case WSI_TOKEN_HTTP_DATE: |
| case WSI_TOKEN_HTTP_RANGE: |
| case WSI_TOKEN_HTTP_REFERER: |
| |
| |
| lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c); |
| |
| /* collect into malloc'd buffers */ |
| /* optional initial space swallow */ |
| if (!wsi->u.hdr.ah->frags[wsi->u.hdr.ah->frag_index[ |
| wsi->u.hdr.parser_state]].len && c == ' ') |
| break; |
| |
| if ((wsi->u.hdr.parser_state != WSI_TOKEN_GET_URI) && (wsi->u.hdr.parser_state != WSI_TOKEN_POST_URI)) |
| goto check_eol; |
| |
| /* special URI processing... end at space */ |
| |
| if (c == ' ') { |
| /* enforce starting with / */ |
| if (!wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len) |
| if (issue_char(wsi, '/') < 0) |
| return -1; |
| c = '\0'; |
| wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; |
| goto spill; |
| } |
| |
| /* special URI processing... convert %xx */ |
| |
| switch (wsi->u.hdr.ues) { |
| case URIES_IDLE: |
| if (c == '%') { |
| wsi->u.hdr.ues = URIES_SEEN_PERCENT; |
| goto swallow; |
| } |
| break; |
| case URIES_SEEN_PERCENT: |
| if (char_to_hex(c) < 0) { |
| /* regurgitate */ |
| if (issue_char(wsi, '%') < 0) |
| return -1; |
| wsi->u.hdr.ues = URIES_IDLE; |
| /* continue on to assess c */ |
| break; |
| } |
| wsi->u.hdr.esc_stash = c; |
| wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1; |
| goto swallow; |
| |
| case URIES_SEEN_PERCENT_H1: |
| if (char_to_hex(c) < 0) { |
| /* regurgitate */ |
| issue_char(wsi, '%'); |
| wsi->u.hdr.ues = URIES_IDLE; |
| /* regurgitate + assess */ |
| if (libwebsocket_parse(wsi, wsi->u.hdr.esc_stash) < 0) |
| return -1; |
| /* continue on to assess c */ |
| break; |
| } |
| c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) | |
| char_to_hex(c); |
| wsi->u.hdr.ues = URIES_IDLE; |
| break; |
| } |
| |
| /* |
| * special URI processing... |
| * convert /.. or /... or /../ etc to / |
| * convert /./ to / |
| * convert // or /// etc to / |
| * leave /.dir or whatever alone |
| */ |
| |
| switch (wsi->u.hdr.ups) { |
| case URIPS_IDLE: |
| /* issue the first / always */ |
| if (c == '/') |
| wsi->u.hdr.ups = URIPS_SEEN_SLASH; |
| break; |
| case URIPS_SEEN_SLASH: |
| /* swallow subsequent slashes */ |
| if (c == '/') |
| goto swallow; |
| /* track and swallow the first . after / */ |
| if (c == '.') { |
| wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT; |
| goto swallow; |
| } else |
| wsi->u.hdr.ups = URIPS_IDLE; |
| break; |
| case URIPS_SEEN_SLASH_DOT: |
| /* swallow second . */ |
| if (c == '.') { |
| /* |
| * back up one dir level if possible |
| * safe against header fragmentation because |
| * the method URI can only be in 1 fragment |
| */ |
| if (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 2) { |
| wsi->u.hdr.ah->pos--; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--; |
| do { |
| wsi->u.hdr.ah->pos--; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--; |
| } while (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 1 && |
| wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos] != '/'); |
| } |
| wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT; |
| goto swallow; |
| } |
| /* change /./ to / */ |
| if (c == '/') { |
| wsi->u.hdr.ups = URIPS_SEEN_SLASH; |
| goto swallow; |
| } |
| /* it was like /.dir ... regurgitate the . */ |
| wsi->u.hdr.ups = URIPS_IDLE; |
| issue_char(wsi, '.'); |
| break; |
| |
| case URIPS_SEEN_SLASH_DOT_DOT: |
| /* swallow prior .. chars and any subsequent . */ |
| if (c == '.') |
| goto swallow; |
| /* last issued was /, so another / == // */ |
| if (c == '/') |
| goto swallow; |
| else /* last we issued was / so SEEN_SLASH */ |
| wsi->u.hdr.ups = URIPS_SEEN_SLASH; |
| break; |
| case URIPS_ARGUMENTS: |
| /* leave them alone */ |
| break; |
| } |
| |
| check_eol: |
| |
| /* bail at EOL */ |
| if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE && |
| c == '\x0d') { |
| c = '\0'; |
| wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; |
| lwsl_parser("*\n"); |
| } |
| |
| if (c == '?') { /* start of URI arguments */ |
| /* seal off uri header */ |
| wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0'; |
| |
| /* move to using WSI_TOKEN_HTTP_URI_ARGS */ |
| wsi->u.hdr.ah->next_frag_index++; |
| wsi->u.hdr.ah->frags[ |
| wsi->u.hdr.ah->next_frag_index].offset = |
| wsi->u.hdr.ah->pos; |
| wsi->u.hdr.ah->frags[ |
| wsi->u.hdr.ah->next_frag_index].len = 0; |
| wsi->u.hdr.ah->frags[ |
| wsi->u.hdr.ah->next_frag_index].next_frag_index = 0; |
| |
| wsi->u.hdr.ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = |
| wsi->u.hdr.ah->next_frag_index; |
| |
| /* defeat normal uri path processing */ |
| wsi->u.hdr.ups = URIPS_ARGUMENTS; |
| goto swallow; |
| } |
| |
| spill: |
| if (issue_char(wsi, c) < 0) |
| return -1; |
| swallow: |
| /* per-protocol end of headers management */ |
| |
| if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) |
| goto set_parsing_complete; |
| break; |
| |
| /* collecting and checking a name part */ |
| case WSI_TOKEN_NAME_PART: |
| lwsl_parser("WSI_TOKEN_NAME_PART '%c'\n", c); |
| |
| wsi->u.hdr.lextable_pos = |
| lextable_decode(wsi->u.hdr.lextable_pos, c); |
| |
| if (wsi->u.hdr.lextable_pos < 0) { |
| /* this is not a header we know about */ |
| if (wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI] || wsi->u.hdr.ah->frag_index[WSI_TOKEN_POST_URI] || |
| wsi->u.hdr.ah->frag_index[WSI_TOKEN_HTTP]) { |
| /* |
| * altready had the method, no idea what |
| * this crap is, ignore |
| */ |
| wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; |
| break; |
| } |
| /* |
| * hm it's an unknown http method in fact, |
| * treat as dangerous |
| */ |
| |
| lwsl_info("Unknown method - dropping\n"); |
| return -1; |
| } |
| if (lextable[wsi->u.hdr.lextable_pos + 1] == 0) { |
| |
| /* terminal state */ |
| |
| n = lextable[wsi->u.hdr.lextable_pos] & 0x7f; |
| |
| lwsl_parser("known hdr %d\n", n); |
| |
| if (n == WSI_TOKEN_GET_URI && |
| wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) { |
| lwsl_warn("Duplicated GET\n"); |
| return -1; |
| } else if (n == WSI_TOKEN_POST_URI && |
| wsi->u.hdr.ah->frag_index[WSI_TOKEN_POST_URI]) { |
| lwsl_warn("Duplicated POST\n"); |
| return -1; |
| } |
| |
| /* |
| * WSORIGIN is protocol equiv to ORIGIN, |
| * JWebSocket likes to send it, map to ORIGIN |
| */ |
| if (n == WSI_TOKEN_SWORIGIN) |
| n = WSI_TOKEN_ORIGIN; |
| |
| wsi->u.hdr.parser_state = (enum lws_token_indexes) |
| (WSI_TOKEN_GET_URI + n); |
| if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) |
| goto set_parsing_complete; |
| |
| goto start_fragment; |
| } |
| break; |
| |
| start_fragment: |
| wsi->u.hdr.ah->next_frag_index++; |
| if (wsi->u.hdr.ah->next_frag_index == |
| sizeof(wsi->u.hdr.ah->frags) / |
| sizeof(wsi->u.hdr.ah->frags[0])) { |
| lwsl_warn("More hdr frags than we can deal with\n"); |
| return -1; |
| } |
| |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].offset = |
| wsi->u.hdr.ah->pos; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len = 0; |
| wsi->u.hdr.ah->frags[ |
| wsi->u.hdr.ah->next_frag_index].next_frag_index = 0; |
| |
| n = wsi->u.hdr.ah->frag_index[wsi->u.hdr.parser_state]; |
| if (!n) { /* first fragment */ |
| wsi->u.hdr.ah->frag_index[wsi->u.hdr.parser_state] = |
| wsi->u.hdr.ah->next_frag_index; |
| break; |
| } |
| /* continuation */ |
| while (wsi->u.hdr.ah->frags[n].next_frag_index) |
| n = wsi->u.hdr.ah->frags[n].next_frag_index; |
| wsi->u.hdr.ah->frags[n].next_frag_index = |
| wsi->u.hdr.ah->next_frag_index; |
| |
| if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { |
| lwsl_warn("excessive header content\n"); |
| return -1; |
| } |
| |
| wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = ' '; |
| wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len++; |
| break; |
| |
| /* skipping arg part of a name we didn't recognize */ |
| case WSI_TOKEN_SKIPPING: |
| lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c); |
| |
| if (c == '\x0d') |
| wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; |
| break; |
| |
| case WSI_TOKEN_SKIPPING_SAW_CR: |
| lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c); |
| if (c == '\x0a') { |
| wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; |
| wsi->u.hdr.lextable_pos = 0; |
| } else |
| wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; |
| break; |
| /* we're done, ignore anything else */ |
| |
| case WSI_PARSING_COMPLETE: |
| lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c); |
| break; |
| |
| default: /* keep gcc happy */ |
| break; |
| } |
| |
| return 0; |
| |
| set_parsing_complete: |
| |
| if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { |
| if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION)) |
| wsi->ietf_spec_revision = |
| atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION)); |
| |
| lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision); |
| } |
| wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE; |
| wsi->hdr_parsing_completed = 1; |
| |
| return 0; |
| } |
| |
| |
| /** |
| * lws_frame_is_binary: true if the current frame was sent in binary mode |
| * |
| * @wsi: the connection we are inquiring about |
| * |
| * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if |
| * it's interested to see if the frame it's dealing with was sent in binary |
| * mode. |
| */ |
| |
| LWS_VISIBLE int lws_frame_is_binary(struct libwebsocket *wsi) |
| { |
| return wsi->u.ws.frame_is_binary; |
| } |
| |
| int |
| libwebsocket_rx_sm(struct libwebsocket *wsi, unsigned char c) |
| { |
| int n; |
| struct lws_tokens eff_buf; |
| int ret = 0; |
| #ifndef LWS_NO_EXTENSIONS |
| int handled; |
| int m; |
| #endif |
| |
| #if 0 |
| lwsl_debug("RX: %02X ", c); |
| #endif |
| |
| switch (wsi->lws_rx_parse_state) { |
| case LWS_RXPS_NEW: |
| |
| switch (wsi->ietf_spec_revision) { |
| case 13: |
| /* |
| * no prepended frame key any more |
| */ |
| wsi->u.ws.all_zero_nonce = 1; |
| goto handle_first; |
| |
| default: |
| lwsl_warn("lws_rx_sm: unknown spec version %d\n", |
| wsi->ietf_spec_revision); |
| break; |
| } |
| break; |
| case LWS_RXPS_04_MASK_NONCE_1: |
| wsi->u.ws.frame_masking_nonce_04[1] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_2; |
| break; |
| case LWS_RXPS_04_MASK_NONCE_2: |
| wsi->u.ws.frame_masking_nonce_04[2] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_3; |
| break; |
| case LWS_RXPS_04_MASK_NONCE_3: |
| wsi->u.ws.frame_masking_nonce_04[3] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| |
| /* |
| * start from the zero'th byte in the XOR key buffer since |
| * this is the start of a frame with a new key |
| */ |
| |
| wsi->u.ws.frame_mask_index = 0; |
| |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1; |
| break; |
| |
| /* |
| * 04 logical framing from the spec (all this is masked when incoming |
| * and has to be unmasked) |
| * |
| * We ignore the possibility of extension data because we don't |
| * negotiate any extensions at the moment. |
| * |
| * 0 1 2 3 |
| * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
| * +-+-+-+-+-------+-+-------------+-------------------------------+ |
| * |F|R|R|R| opcode|R| Payload len | Extended payload length | |
| * |I|S|S|S| (4) |S| (7) | (16/63) | |
| * |N|V|V|V| |V| | (if payload len==126/127) | |
| * | |1|2|3| |4| | | |
| * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + |
| * | Extended payload length continued, if payload len == 127 | |
| * + - - - - - - - - - - - - - - - +-------------------------------+ |
| * | | Extension data | |
| * +-------------------------------+ - - - - - - - - - - - - - - - + |
| * : : |
| * +---------------------------------------------------------------+ |
| * : Application data : |
| * +---------------------------------------------------------------+ |
| * |
| * We pass payload through to userland as soon as we get it, ignoring |
| * FIN. It's up to userland to buffer it up if it wants to see a |
| * whole unfragmented block of the original size (which may be up to |
| * 2^63 long!) |
| */ |
| |
| case LWS_RXPS_04_FRAME_HDR_1: |
| handle_first: |
| |
| wsi->u.ws.opcode = c & 0xf; |
| wsi->u.ws.rsv = c & 0x70; |
| wsi->u.ws.final = !!((c >> 7) & 1); |
| |
| switch (wsi->u.ws.opcode) { |
| case LWS_WS_OPCODE_07__TEXT_FRAME: |
| case LWS_WS_OPCODE_07__BINARY_FRAME: |
| wsi->u.ws.frame_is_binary = |
| wsi->u.ws.opcode == LWS_WS_OPCODE_07__BINARY_FRAME; |
| break; |
| } |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN: |
| |
| wsi->u.ws.this_frame_masked = !!(c & 0x80); |
| |
| switch (c & 0x7f) { |
| case 126: |
| /* control frames are not allowed to have big lengths */ |
| if (wsi->u.ws.opcode & 8) |
| goto illegal_ctl_length; |
| |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; |
| break; |
| case 127: |
| /* control frames are not allowed to have big lengths */ |
| if (wsi->u.ws.opcode & 8) |
| goto illegal_ctl_length; |
| |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; |
| break; |
| default: |
| wsi->u.ws.rx_packet_length = c & 0x7f; |
| if (wsi->u.ws.this_frame_masked) |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_07_COLLECT_FRAME_KEY_1; |
| else |
| if (wsi->u.ws.rx_packet_length) |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; |
| else { |
| wsi->lws_rx_parse_state = LWS_RXPS_NEW; |
| goto spill; |
| } |
| break; |
| } |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN16_2: |
| wsi->u.ws.rx_packet_length = c << 8; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN16_1: |
| wsi->u.ws.rx_packet_length |= c; |
| if (wsi->u.ws.this_frame_masked) |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_07_COLLECT_FRAME_KEY_1; |
| else |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_8: |
| if (c & 0x80) { |
| lwsl_warn("b63 of length must be zero\n"); |
| /* kill the connection */ |
| return -1; |
| } |
| #if defined __LP64__ |
| wsi->u.ws.rx_packet_length = ((size_t)c) << 56; |
| #else |
| wsi->u.ws.rx_packet_length = 0; |
| #endif |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_7: |
| #if defined __LP64__ |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 48; |
| #endif |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_6: |
| #if defined __LP64__ |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 40; |
| #endif |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_5: |
| #if defined __LP64__ |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 32; |
| #endif |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_4: |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 24; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_3: |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 16; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_2: |
| wsi->u.ws.rx_packet_length |= ((size_t)c) << 8; |
| wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; |
| break; |
| |
| case LWS_RXPS_04_FRAME_HDR_LEN64_1: |
| wsi->u.ws.rx_packet_length |= ((size_t)c); |
| if (wsi->u.ws.this_frame_masked) |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_07_COLLECT_FRAME_KEY_1; |
| else |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; |
| break; |
| |
| case LWS_RXPS_07_COLLECT_FRAME_KEY_1: |
| wsi->u.ws.frame_masking_nonce_04[0] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; |
| break; |
| |
| case LWS_RXPS_07_COLLECT_FRAME_KEY_2: |
| wsi->u.ws.frame_masking_nonce_04[1] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; |
| break; |
| |
| case LWS_RXPS_07_COLLECT_FRAME_KEY_3: |
| wsi->u.ws.frame_masking_nonce_04[2] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; |
| break; |
| |
| case LWS_RXPS_07_COLLECT_FRAME_KEY_4: |
| wsi->u.ws.frame_masking_nonce_04[3] = c; |
| if (c) |
| wsi->u.ws.all_zero_nonce = 0; |
| wsi->lws_rx_parse_state = |
| LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; |
| wsi->u.ws.frame_mask_index = 0; |
| if (wsi->u.ws.rx_packet_length == 0) { |
| wsi->lws_rx_parse_state = LWS_RXPS_NEW; |
| goto spill; |
| } |
| break; |
| |
| |
| case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED: |
| |
| if (!wsi->u.ws.rx_user_buffer) |
| lwsl_err("NULL user buffer...\n"); |
| |
| if (wsi->u.ws.all_zero_nonce) |
| wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING + |
| (wsi->u.ws.rx_user_buffer_head++)] = c; |
| else |
| wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING + |
| (wsi->u.ws.rx_user_buffer_head++)] = |
| c ^ wsi->u.ws.frame_masking_nonce_04[ |
| (wsi->u.ws.frame_mask_index++) & 3]; |
| |
| if (--wsi->u.ws.rx_packet_length == 0) { |
| /* spill because we have the whole frame */ |
| wsi->lws_rx_parse_state = LWS_RXPS_NEW; |
| goto spill; |
| } |
| |
| /* |
| * if there's no protocol max frame size given, we are |
| * supposed to default to LWS_MAX_SOCKET_IO_BUF |
| */ |
| |
| if (!wsi->protocol->rx_buffer_size && |
| wsi->u.ws.rx_user_buffer_head != |
| LWS_MAX_SOCKET_IO_BUF) |
| break; |
| else |
| if (wsi->protocol->rx_buffer_size && |
| wsi->u.ws.rx_user_buffer_head != |
| wsi->protocol->rx_buffer_size) |
| break; |
| |
| /* spill because we filled our rx buffer */ |
| spill: |
| /* |
| * is this frame a control packet we should take care of at this |
| * layer? If so service it and hide it from the user callback |
| */ |
| |
| lwsl_parser("spill on %s\n", wsi->protocol->name); |
| |
| switch (wsi->u.ws.opcode) { |
| case LWS_WS_OPCODE_07__CLOSE: |
| /* is this an acknowledgement of our close? */ |
| if (wsi->state == WSI_STATE_AWAITING_CLOSE_ACK) { |
| /* |
| * fine he has told us he is closing too, let's |
| * finish our close |
| */ |
| lwsl_parser("seen client close ack\n"); |
| return -1; |
| } |
| lwsl_parser("server sees client close packet\n"); |
| /* parrot the close packet payload back */ |
| n = libwebsocket_write(wsi, (unsigned char *) |
| &wsi->u.ws.rx_user_buffer[ |
| LWS_SEND_BUFFER_PRE_PADDING], |
| wsi->u.ws.rx_user_buffer_head, |
| LWS_WRITE_CLOSE); |
| if (n < 0) |
| lwsl_info("write of close ack failed %d\n", n); |
| wsi->state = WSI_STATE_RETURNED_CLOSE_ALREADY; |
| /* close the connection */ |
| return -1; |
| |
| case LWS_WS_OPCODE_07__PING: |
| lwsl_info("received %d byte ping, sending pong\n", |
| wsi->u.ws.rx_user_buffer_head); |
| lwsl_hexdump(&wsi->u.ws.rx_user_buffer[ |
| LWS_SEND_BUFFER_PRE_PADDING], |
| wsi->u.ws.rx_user_buffer_head); |
| /* parrot the ping packet payload back as a pong */ |
| n = libwebsocket_write(wsi, (unsigned char *) |
| &wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING], |
| wsi->u.ws.rx_user_buffer_head, LWS_WRITE_PONG); |
| if (n < 0) |
| return -1; |
| /* ... then just drop it */ |
| wsi->u.ws.rx_user_buffer_head = 0; |
| return 0; |
| |
| case LWS_WS_OPCODE_07__PONG: |
| /* ... then just drop it */ |
| wsi->u.ws.rx_user_buffer_head = 0; |
| return 0; |
| |
| case LWS_WS_OPCODE_07__TEXT_FRAME: |
| case LWS_WS_OPCODE_07__BINARY_FRAME: |
| case LWS_WS_OPCODE_07__CONTINUATION: |
| break; |
| |
| default: |
| #ifndef LWS_NO_EXTENSIONS |
| lwsl_parser("passing opc %x up to exts\n", |
| wsi->u.ws.opcode); |
| |
| /* |
| * It's something special we can't understand here. |
| * Pass the payload up to the extension's parsing |
| * state machine. |
| */ |
| |
| eff_buf.token = &wsi->u.ws.rx_user_buffer[ |
| LWS_SEND_BUFFER_PRE_PADDING]; |
| eff_buf.token_len = wsi->u.ws.rx_user_buffer_head; |
| |
| handled = 0; |
| for (n = 0; n < wsi->count_active_extensions; n++) { |
| m = wsi->active_extensions[n]->callback( |
| wsi->protocol->owning_server, |
| wsi->active_extensions[n], wsi, |
| LWS_EXT_CALLBACK_EXTENDED_PAYLOAD_RX, |
| wsi->active_extensions_user[n], |
| &eff_buf, 0); |
| if (m) |
| handled = 1; |
| } |
| |
| if (!handled) |
| #endif |
| lwsl_ext("ext opc opcode 0x%x unknown\n", |
| wsi->u.ws.opcode); |
| |
| wsi->u.ws.rx_user_buffer_head = 0; |
| return 0; |
| } |
| |
| /* |
| * No it's real payload, pass it up to the user callback. |
| * It's nicely buffered with the pre-padding taken care of |
| * so it can be sent straight out again using libwebsocket_write |
| */ |
| |
| eff_buf.token = &wsi->u.ws.rx_user_buffer[ |
| LWS_SEND_BUFFER_PRE_PADDING]; |
| eff_buf.token_len = wsi->u.ws.rx_user_buffer_head; |
| #ifndef LWS_NO_EXTENSIONS |
| for (n = 0; n < wsi->count_active_extensions; n++) { |
| m = wsi->active_extensions[n]->callback( |
| wsi->protocol->owning_server, |
| wsi->active_extensions[n], wsi, |
| LWS_EXT_CALLBACK_PAYLOAD_RX, |
| wsi->active_extensions_user[n], |
| &eff_buf, 0); |
| if (m < 0) { |
| lwsl_ext( |
| "Extension '%s' failed to handle payload!\n", |
| wsi->active_extensions[n]->name); |
| return -1; |
| } |
| } |
| #endif |
| if (eff_buf.token_len > 0) { |
| eff_buf.token[eff_buf.token_len] = '\0'; |
| |
| if (wsi->protocol->callback) |
| ret = user_callback_handle_rxflow( |
| wsi->protocol->callback, |
| wsi->protocol->owning_server, |
| wsi, LWS_CALLBACK_RECEIVE, |
| wsi->user_space, |
| eff_buf.token, |
| eff_buf.token_len); |
| else |
| lwsl_err("No callback on payload spill!\n"); |
| } |
| |
| wsi->u.ws.rx_user_buffer_head = 0; |
| break; |
| } |
| |
| return ret; |
| |
| illegal_ctl_length: |
| |
| lwsl_warn("Control frame with xtended length is illegal\n"); |
| /* kill the connection */ |
| return -1; |
| } |
| |
| |
| int libwebsocket_interpret_incoming_packet(struct libwebsocket *wsi, |
| unsigned char *buf, size_t len) |
| { |
| size_t n = 0; |
| int m; |
| |
| #if 0 |
| lwsl_parser("received %d byte packet\n", (int)len); |
| lwsl_hexdump(buf, len); |
| #endif |
| |
| /* let the rx protocol state machine have as much as it needs */ |
| |
| while (n < len) { |
| /* |
| * we were accepting input but now we stopped doing so |
| */ |
| if (!(wsi->u.ws.rxflow_change_to & LWS_RXFLOW_ALLOW)) { |
| /* his RX is flowcontrolled, don't send remaining now */ |
| if (!wsi->u.ws.rxflow_buffer) { |
| /* a new rxflow, buffer it and warn caller */ |
| lwsl_info("new rxflow input buffer len %d\n", |
| len - n); |
| wsi->u.ws.rxflow_buffer = |
| (unsigned char *)malloc(len - n); |
| wsi->u.ws.rxflow_len = len - n; |
| wsi->u.ws.rxflow_pos = 0; |
| memcpy(wsi->u.ws.rxflow_buffer, |
| buf + n, len - n); |
| } else |
| /* rxflow while we were spilling prev rxflow */ |
| lwsl_info("stalling in existing rxflow buf\n"); |
| |
| return 1; |
| } |
| |
| /* account for what we're using in rxflow buffer */ |
| if (wsi->u.ws.rxflow_buffer) |
| wsi->u.ws.rxflow_pos++; |
| |
| /* process the byte */ |
| m = libwebsocket_rx_sm(wsi, buf[n++]); |
| if (m < 0) |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| |
| /** |
| * libwebsockets_remaining_packet_payload() - Bytes to come before "overall" |
| * rx packet is complete |
| * @wsi: Websocket instance (available from user callback) |
| * |
| * This function is intended to be called from the callback if the |
| * user code is interested in "complete packets" from the client. |
| * libwebsockets just passes through payload as it comes and issues a buffer |
| * additionally when it hits a built-in limit. The LWS_CALLBACK_RECEIVE |
| * callback handler can use this API to find out if the buffer it has just |
| * been given is the last piece of a "complete packet" from the client -- |
| * when that is the case libwebsockets_remaining_packet_payload() will return |
| * 0. |
| * |
| * Many protocols won't care becuse their packets are always small. |
| */ |
| |
| LWS_VISIBLE size_t |
| libwebsockets_remaining_packet_payload(struct libwebsocket *wsi) |
| { |
| return wsi->u.ws.rx_packet_length; |
| } |