1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24 #include "tool_setup.h"
25
26 #include "strcase.h"
27 #ifdef HAVE_UNISTD_H
28 #include <unistd.h>
29 #endif
30
31 #include "curlx.h"
32
33 #include "tool_cfgable.h"
34 #include "tool_doswin.h"
35 #include "tool_msgs.h"
36 #include "tool_cb_hdr.h"
37 #include "tool_cb_wrt.h"
38 #include "tool_operate.h"
39 #include "tool_libinfo.h"
40
41 #include "memdebug.h" /* keep this as LAST include */
42
43 static char *parse_filename(const char *ptr, size_t len);
44
45 #ifdef _WIN32
46 #define BOLD "\x1b[1m"
47 #define BOLDOFF "\x1b[22m"
48 #else
49 #define BOLD "\x1b[1m"
50 /* Switch off bold by setting "all attributes off" since the explicit
51 bold-off code (21) is not supported everywhere - like in the mac
52 Terminal. */
53 #define BOLDOFF "\x1b[0m"
54 /* OSC 8 hyperlink escape sequence */
55 #define LINK "\x1b]8;;"
56 #define LINKST "\x1b\\"
57 #define LINKOFF LINK LINKST
58 #endif
59
60 #ifdef LINK
61 static void write_linked_location(CURL *curl, const char *location,
62 size_t loclen, FILE *stream);
63 #endif
64
tool_write_headers(struct HdrCbData * hdrcbdata,FILE * stream)65 int tool_write_headers(struct HdrCbData *hdrcbdata, FILE *stream)
66 {
67 struct curl_slist *h = hdrcbdata->headlist;
68 int rc = 1;
69 while(h) {
70 /* not "handled", just show it */
71 size_t len = strlen(h->data);
72 if(len != fwrite(h->data, 1, len, stream))
73 goto fail;
74 h = h->next;
75 }
76 rc = 0; /* success */
77 fail:
78 curl_slist_free_all(hdrcbdata->headlist);
79 hdrcbdata->headlist = NULL;
80 return rc;
81 }
82
83
84 /*
85 ** callback for CURLOPT_HEADERFUNCTION
86 */
87
tool_header_cb(char * ptr,size_t size,size_t nmemb,void * userdata)88 size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
89 {
90 struct per_transfer *per = userdata;
91 struct HdrCbData *hdrcbdata = &per->hdrcbdata;
92 struct OutStruct *outs = &per->outs;
93 struct OutStruct *heads = &per->heads;
94 struct OutStruct *etag_save = &per->etag_save;
95 const char *str = ptr;
96 const size_t cb = size * nmemb;
97 const char *end = (char *)ptr + cb;
98 const char *scheme = NULL;
99
100 if(!per->config)
101 return CURL_WRITEFUNC_ERROR;
102
103 #ifdef DEBUGBUILD
104 if(size * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
105 warnf(per->config->global, "Header data exceeds single call write limit");
106 return CURL_WRITEFUNC_ERROR;
107 }
108 #endif
109
110 #ifdef _WIN32
111 /* Discard incomplete UTF-8 sequence buffered from body */
112 if(outs->utf8seq[0])
113 memset(outs->utf8seq, 0, sizeof(outs->utf8seq));
114 #endif
115
116 /*
117 * Write header data when curl option --dump-header (-D) is given.
118 */
119
120 if(per->config->headerfile && heads->stream) {
121 size_t rc = fwrite(ptr, size, nmemb, heads->stream);
122 if(rc != cb)
123 return rc;
124 /* flush the stream to send off what we got earlier */
125 if(fflush(heads->stream)) {
126 errorf(per->config->global, "Failed writing headers to %s",
127 per->config->headerfile);
128 return CURL_WRITEFUNC_ERROR;
129 }
130 }
131
132 curl_easy_getinfo(per->curl, CURLINFO_SCHEME, &scheme);
133 scheme = proto_token(scheme);
134 if((scheme == proto_http || scheme == proto_https)) {
135 long response = 0;
136 curl_easy_getinfo(per->curl, CURLINFO_RESPONSE_CODE, &response);
137
138 if((response/100 != 2) && (response/100 != 3))
139 /* only care about etag and content-disposition headers in 2xx and 3xx
140 responses */
141 ;
142 /*
143 * Write etag to file when --etag-save option is given.
144 */
145 else if(per->config->etag_save_file && etag_save->stream &&
146 /* match only header that start with etag (case insensitive) */
147 checkprefix("etag:", str)) {
148 const char *etag_h = &str[5];
149 const char *eot = end - 1;
150 if(*eot == '\n') {
151 while(ISBLANK(*etag_h) && (etag_h < eot))
152 etag_h++;
153 while(ISSPACE(*eot))
154 eot--;
155
156 if(eot >= etag_h) {
157 size_t etag_length = eot - etag_h + 1;
158 /*
159 * Truncate the etag save stream, it can have an existing etag value.
160 */
161 #ifdef HAVE_FTRUNCATE
162 if(ftruncate(fileno(etag_save->stream), 0)) {
163 return CURL_WRITEFUNC_ERROR;
164 }
165 #else
166 if(fseek(etag_save->stream, 0, SEEK_SET)) {
167 return CURL_WRITEFUNC_ERROR;
168 }
169 #endif
170
171 fwrite(etag_h, size, etag_length, etag_save->stream);
172 /* terminate with newline */
173 fputc('\n', etag_save->stream);
174 (void)fflush(etag_save->stream);
175 }
176 }
177 }
178
179 /*
180 * This callback sets the filename where output shall be written when
181 * curl options --remote-name (-O) and --remote-header-name (-J) have
182 * been simultaneously given and additionally server returns an HTTP
183 * Content-Disposition header specifying a filename property.
184 */
185
186 else if(hdrcbdata->honor_cd_filename) {
187 if((cb > 20) && checkprefix("Content-disposition:", str)) {
188 const char *p = str + 20;
189
190 /* look for the 'filename=' parameter
191 (encoded filenames (*=) are not supported) */
192 for(;;) {
193 char *filename;
194 size_t len;
195
196 while((p < end) && *p && !ISALPHA(*p))
197 p++;
198 if(p > end - 9)
199 break;
200
201 if(memcmp(p, "filename=", 9)) {
202 /* no match, find next parameter */
203 while((p < end) && *p && (*p != ';'))
204 p++;
205 if((p < end) && *p)
206 continue;
207 else
208 break;
209 }
210 p += 9;
211
212 len = cb - (size_t)(p - str);
213 filename = parse_filename(p, len);
214 if(filename) {
215 if(outs->stream) {
216 /* indication of problem, get out! */
217 free(filename);
218 return CURL_WRITEFUNC_ERROR;
219 }
220
221 if(per->config->output_dir) {
222 outs->filename = aprintf("%s/%s", per->config->output_dir,
223 filename);
224 free(filename);
225 if(!outs->filename)
226 return CURL_WRITEFUNC_ERROR;
227 }
228 else
229 outs->filename = filename;
230
231 outs->is_cd_filename = TRUE;
232 outs->s_isreg = TRUE;
233 outs->fopened = FALSE;
234 outs->alloc_filename = TRUE;
235 hdrcbdata->honor_cd_filename = FALSE; /* done now! */
236 if(!tool_create_output_file(outs, per->config))
237 return CURL_WRITEFUNC_ERROR;
238 if(tool_write_headers(&per->hdrcbdata, outs->stream))
239 return CURL_WRITEFUNC_ERROR;
240 }
241 break;
242 }
243 if(!outs->stream && !tool_create_output_file(outs, per->config))
244 return CURL_WRITEFUNC_ERROR;
245 if(tool_write_headers(&per->hdrcbdata, outs->stream))
246 return CURL_WRITEFUNC_ERROR;
247 } /* content-disposition handling */
248
249 if(hdrcbdata->honor_cd_filename &&
250 hdrcbdata->config->show_headers) {
251 /* still awaiting the Content-Disposition header, store the header in
252 memory. Since it is not zero terminated, we need an extra dance. */
253 char *clone = aprintf("%.*s", (int)cb, (char *)str);
254 if(clone) {
255 struct curl_slist *old = hdrcbdata->headlist;
256 hdrcbdata->headlist = curl_slist_append(old, clone);
257 free(clone);
258 if(!hdrcbdata->headlist) {
259 curl_slist_free_all(old);
260 return CURL_WRITEFUNC_ERROR;
261 }
262 }
263 else {
264 curl_slist_free_all(hdrcbdata->headlist);
265 hdrcbdata->headlist = NULL;
266 return CURL_WRITEFUNC_ERROR;
267 }
268 return cb; /* done for now */
269 }
270 }
271 }
272 if(hdrcbdata->config->writeout) {
273 char *value = memchr(ptr, ':', cb);
274 if(value) {
275 if(per->was_last_header_empty)
276 per->num_headers = 0;
277 per->was_last_header_empty = FALSE;
278 per->num_headers++;
279 }
280 else if(ptr[0] == '\r' || ptr[0] == '\n')
281 per->was_last_header_empty = TRUE;
282 }
283 if(hdrcbdata->config->show_headers &&
284 (scheme == proto_http || scheme == proto_https ||
285 scheme == proto_rtsp || scheme == proto_file)) {
286 /* bold headers only for selected protocols */
287 char *value = NULL;
288
289 if(!outs->stream && !tool_create_output_file(outs, per->config))
290 return CURL_WRITEFUNC_ERROR;
291
292 if(hdrcbdata->global->isatty &&
293 #ifdef _WIN32
294 tool_term_has_bold &&
295 #endif
296 hdrcbdata->global->styled_output)
297 value = memchr(ptr, ':', cb);
298 if(value) {
299 size_t namelen = value - ptr;
300 fprintf(outs->stream, BOLD "%.*s" BOLDOFF ":", (int)namelen, ptr);
301 #ifndef LINK
302 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
303 #else
304 if(curl_strnequal("Location", ptr, namelen)) {
305 write_linked_location(per->curl, &value[1], cb - namelen - 1,
306 outs->stream);
307 }
308 else
309 fwrite(&value[1], cb - namelen - 1, 1, outs->stream);
310 #endif
311 }
312 else
313 /* not "handled", just show it */
314 fwrite(ptr, cb, 1, outs->stream);
315 }
316 return cb;
317 }
318
319 /*
320 * Copies a filename part and returns an ALLOCATED data buffer.
321 */
parse_filename(const char * ptr,size_t len)322 static char *parse_filename(const char *ptr, size_t len)
323 {
324 char *copy;
325 char *p;
326 char *q;
327 char stop = '\0';
328
329 /* simple implementation of strndup() */
330 copy = malloc(len + 1);
331 if(!copy)
332 return NULL;
333 memcpy(copy, ptr, len);
334 copy[len] = '\0';
335
336 p = copy;
337 if(*p == '\'' || *p == '"') {
338 /* store the starting quote */
339 stop = *p;
340 p++;
341 }
342 else
343 stop = ';';
344
345 /* scan for the end letter and stop there */
346 q = strchr(p, stop);
347 if(q)
348 *q = '\0';
349
350 /* if the filename contains a path, only use filename portion */
351 q = strrchr(p, '/');
352 if(q) {
353 p = q + 1;
354 if(!*p) {
355 Curl_safefree(copy);
356 return NULL;
357 }
358 }
359
360 /* If the filename contains a backslash, only use filename portion. The idea
361 is that even systems that do not handle backslashes as path separators
362 probably want the path removed for convenience. */
363 q = strrchr(p, '\\');
364 if(q) {
365 p = q + 1;
366 if(!*p) {
367 Curl_safefree(copy);
368 return NULL;
369 }
370 }
371
372 /* make sure the filename does not end in \r or \n */
373 q = strchr(p, '\r');
374 if(q)
375 *q = '\0';
376
377 q = strchr(p, '\n');
378 if(q)
379 *q = '\0';
380
381 if(copy != p)
382 memmove(copy, p, strlen(p) + 1);
383
384 #if defined(_WIN32) || defined(MSDOS)
385 {
386 char *sanitized;
387 SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0);
388 Curl_safefree(copy);
389 if(sc)
390 return NULL;
391 copy = sanitized;
392 }
393 #endif /* _WIN32 || MSDOS */
394
395 /* in case we built debug enabled, we allow an environment variable
396 * named CURL_TESTDIR to prefix the given filename to put it into a
397 * specific directory
398 */
399 #ifdef DEBUGBUILD
400 {
401 char *tdir = curl_getenv("CURL_TESTDIR");
402 if(tdir) {
403 char buffer[512]; /* suitably large */
404 msnprintf(buffer, sizeof(buffer), "%s/%s", tdir, copy);
405 Curl_safefree(copy);
406 copy = strdup(buffer); /* clone the buffer, we do not use the libcurl
407 aprintf() or similar since we want to use the
408 same memory code as the "real" parse_filename
409 function */
410 curl_free(tdir);
411 }
412 }
413 #endif
414
415 return copy;
416 }
417
418 #ifdef LINK
419 /*
420 * Treat the Location: header specially, by writing a special escape
421 * sequence that adds a hyperlink to the displayed text. This makes
422 * the absolute URL of the redirect clickable in supported terminals,
423 * which could not happen otherwise for relative URLs. The Location:
424 * header is supposed to always be absolute so this theoretically
425 * should not be needed but the real world returns plenty of relative
426 * URLs here.
427 */
428 static
write_linked_location(CURL * curl,const char * location,size_t loclen,FILE * stream)429 void write_linked_location(CURL *curl, const char *location, size_t loclen,
430 FILE *stream) {
431 /* This would so simple if CURLINFO_REDIRECT_URL were available here */
432 CURLU *u = NULL;
433 char *copyloc = NULL, *locurl = NULL, *scheme = NULL, *finalurl = NULL;
434 const char *loc = location;
435 size_t llen = loclen;
436 int space_skipped = 0;
437 char *vver = getenv("VTE_VERSION");
438
439 if(vver) {
440 long vvn = strtol(vver, NULL, 10);
441 /* Skip formatting for old versions of VTE <= 0.48.1 (Mar 2017) since some
442 of those versions have formatting bugs. (#10428) */
443 if(0 < vvn && vvn <= 4801)
444 goto locout;
445 }
446
447 /* Strip leading whitespace of the redirect URL */
448 while(llen && (*loc == ' ' || *loc == '\t')) {
449 ++loc;
450 --llen;
451 ++space_skipped;
452 }
453
454 /* Strip the trailing end-of-line characters, normally "\r\n" */
455 while(llen && (loc[llen-1] == '\n' || loc[llen-1] == '\r'))
456 --llen;
457
458 /* CURLU makes it easy to handle the relative URL case */
459 u = curl_url();
460 if(!u)
461 goto locout;
462
463 /* Create a NUL-terminated and whitespace-stripped copy of Location: */
464 copyloc = malloc(llen + 1);
465 if(!copyloc)
466 goto locout;
467 memcpy(copyloc, loc, llen);
468 copyloc[llen] = 0;
469
470 /* The original URL to use as a base for a relative redirect URL */
471 if(curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &locurl))
472 goto locout;
473 if(curl_url_set(u, CURLUPART_URL, locurl, 0))
474 goto locout;
475
476 /* Redirected location. This can be either absolute or relative. */
477 if(curl_url_set(u, CURLUPART_URL, copyloc, 0))
478 goto locout;
479
480 if(curl_url_get(u, CURLUPART_URL, &finalurl, CURLU_NO_DEFAULT_PORT))
481 goto locout;
482
483 if(curl_url_get(u, CURLUPART_SCHEME, &scheme, 0))
484 goto locout;
485
486 if(!strcmp("http", scheme) ||
487 !strcmp("https", scheme) ||
488 !strcmp("ftp", scheme) ||
489 !strcmp("ftps", scheme)) {
490 fprintf(stream, "%.*s" LINK "%s" LINKST "%.*s" LINKOFF,
491 space_skipped, location,
492 finalurl,
493 (int)loclen - space_skipped, loc);
494 goto locdone;
495 }
496
497 /* Not a "safe" URL: do not linkify it */
498
499 locout:
500 /* Write the normal output in case of error or unsafe */
501 fwrite(location, loclen, 1, stream);
502
503 locdone:
504 if(u) {
505 curl_free(finalurl);
506 curl_free(scheme);
507 curl_url_cleanup(u);
508 free(copyloc);
509 }
510 }
511 #endif
512
